Jump to content

Build Theme!
  •  
  • Unreplied Topics
  • Downloads
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93083 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

memory/malware problems ? [Closed]

Started by pfilighera , Jan 20 2014 03:06 PM

  • This topic is locked This topic is locked
2 replies to this topic

#1 pfilighera

pfilighera

    Authentic Member

  • Authentic Member
  • PipPip
  • 76 posts

Posted 20 January 2014 - 03:06 PM

My husband has asked me to help him with his computer...again !  When he is reading news stories on Yahoo, he is getting messages such as out of memory line 16 while on ie.  when he is on firefox, the computer just shuts down.  I was thinking of moving his music to a flash drive ( his music file says it is .98 gb).  Computer is very slow.  Please take a look when you get a chance.  It would be appreciated.

 

OTL logfile created on: 1/20/2014 3:34:10 PM - Run 9
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Owner.PETE-05CK9PEMS6\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
638.00 Mb Total Physical Memory | 145.66 Mb Available Physical Memory | 22.83% Memory free
1.52 Gb Paging File | 1.11 Gb Available in Paging File | 72.70% Paging File free
Paging file location(s): C:\pagefile.sys 960 1920 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.21 Gb Total Space | 18.52 Gb Free Space | 49.78% Space Free | Partition Type: NTFS
 
Computer Name: PETE-05CK9PEMS6 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Documents and Settings\Owner.PETE-05CK9PEMS6\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\Norton Security Suite\Engine\20.2.0.19\ccsvchst.exe (Symantec Corporation)
PRC - C:\Program Files\Online Armor\oacat.exe (Emsisoft GmbH)
PRC - C:\Program Files\Outlook Express\msimn.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe (Musicmatch, Inc.)
PRC - C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe (Musicmatch, Inc.)
PRC - C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE (Logitech Inc.)
PRC - C:\Program Files\SpywareGuard\sgmain.exe ()
PRC - C:\Program Files\SpywareGuard\sgbhp.exe ()
PRC - C:\WINDOWS\twunk_32.exe (Twain Working Group)
PRC - C:\Program Files\Canon\BJCard\Bjmcmng.exe (CANON INC.)
PRC - C:\Program Files\Canon\BJCard\BJLaunch.exe (CANON INC.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files\IObit\Advanced SystemCare 5\ASCv5ExtMenu.dll ()
MOD - C:\WINDOWS\system32\msjetoledb40.dll ()
MOD - C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\CDDVDAccess.dll ()
MOD - C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmgit.dll ()
MOD - C:\Program Files\SpywareGuard\sgmain.exe ()
MOD - C:\Program Files\SpywareGuard\sgbhp.exe ()
 
 
========== Services (SafeList) ==========
 
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe File not found
SRV - (HitmanPro37CrusaderBoot) -- E:\HitmanPro.exe /crusader:boot File not found
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (N360) -- C:\Program Files\Norton Security Suite\Engine\20.2.0.19\ccSvcHst.exe (Symantec Corporation)
SRV - (SvcOnlineArmor) -- C:\Program Files\Online Armor\oasrv.exe (Emsisoft GmbH)
SRV - (OAcat) -- C:\Program Files\Online Armor\oacat.exe (Emsisoft GmbH)
SRV - (AdvancedSystemCareService5) -- C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe (IObit)
SRV - (Bjmcmng) -- C:\Program Files\Canon\BJCard\Bjmcmng.exe (CANON INC.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDICA) --  File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (NAVEX15) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130331.016\NAVEX15.SYS File not found
DRV - (NAVENG) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130331.016\NAVENG.SYS File not found
DRV - (MpKsl814ad28a) -- c:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6040968E-AC59-4A0E-AC93-2456AF402795}\MpKsl814ad28a.sys File not found
DRV - (lbrtfdc) --  File not found
DRV - (IDSxpx86) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130329.001\IDSxpx86.sys File not found
DRV - (i2omgmt) --  File not found
DRV - (Changer) --  File not found
DRV - (CFcatchme) -- C:\ComboFix\CFcatchme.sys File not found
DRV - (catchme) -- C:\DOCUME~1\OWNER~2.PET\LOCALS~1\Temp\catchme.sys File not found
DRV - (BHDrvx86) -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130322.001\BHDrvx86.sys File not found
DRV - (asrpvntp) -- C:\WINDOWS\system32\drivers\asrpvntp.sys File not found
DRV - (hitmanpro37) -- C:\WINDOWS\system32\drivers\hitmanpro37.sys ()
DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (SRTSP) -- C:\WINDOWS\system32\drivers\N360\1402000.013\srtsp.sys (Symantec Corporation)
DRV - (SymEFA) -- C:\WINDOWS\system32\drivers\N360\1402000.013\symefa.sys (Symantec Corporation)
DRV - (SymDS) -- C:\WINDOWS\system32\drivers\N360\1402000.013\symds.sys (Symantec Corporation)
DRV - (ccSet_N360) -- C:\WINDOWS\system32\drivers\N360\1402000.013\ccsetx86.sys (Symantec Corporation)
DRV - (oahlpXX) -- C:\WINDOWS\system32\drivers\oahlp32.sys ()
DRV - (OAnet) -- C:\WINDOWS\system32\drivers\OAnet.sys (Emsisoft)
DRV - (OAmon) -- C:\WINDOWS\system32\drivers\OAmon.sys (Emsisoft)
DRV - (OADevice) -- C:\WINDOWS\system32\drivers\OADriver.sys ()
DRV - (SymIRON) -- C:\WINDOWS\system32\drivers\N360\1402000.013\ironx86.sys (Symantec Corporation)
DRV - (SYMTDI) -- C:\WINDOWS\system32\drivers\N360\1402000.013\symtdi.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\WINDOWS\system32\drivers\N360\1402000.013\srtspx.sys (Symantec Corporation)
DRV - (GIDv2) -- C:\WINDOWS\System32\drivers\gidv2.sys (StrikeForce Technologies, Inc.)
DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfesmfk) -- C:\WINDOWS\system32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\WINDOWS\system32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (Lbd) -- C:\WINDOWS\system32\drivers\Lbd.sys (Lavasoft AB)
DRV - (LMouFlt2) -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys (Logitech, Inc.)
DRV - (L8042pr2) -- C:\WINDOWS\system32\drivers\L8042pr2.Sys (Logitech, Inc.)
DRV - (PRISM_A02) -- C:\WINDOWS\system32\drivers\PRISMA02.sys (GlobespanVirata, Inc.)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (OMCI) -- C:\WINDOWS\system32\drivers\omci.sys (Dell Computer Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {F762EA4E-5DC8-4C70-9D34-E791CCC371D4}
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\SearchScopes,DefaultScope = {F762EA4E-5DC8-4C70-9D34-E791CCC371D4}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.yahoo.com"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFFPlgn\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/10/13 08:28:18 | 000,000,000 | ---D | M]
 
[2013/11/23 08:07:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner.PETE-05CK9PEMS6\Application Data\Mozilla\Extensions
[2010/07/11 13:16:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner.PETE-05CK9PEMS6\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2014/01/12 15:09:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/01/12 15:09:57 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2013/11/26 11:18:20 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\20.2.0.19\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\20.2.0.19\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [BJLaunchEXE] C:\Program Files\Canon\BJCard\BJLaunch.exe (CANON INC.)
O4 - HKLM..\Run: [GIDDesktop] C:\Program Files\SFT\GuardedID\gidd.exe (StrikeForce Technologies Inc.)
O4 - HKLM..\Run: [KB5708043] "C:\Documents and Settings\Owner.PETE-05CK9PEMS6\Local Settings\Application Data\KB5708043\KB5708043.exe" File not found
O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS\LOGI_MWX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [MimBoot] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mimboot.exe (Musicmatch, Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Advanced SystemCare 5] C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe (IObit)
O4 - HKCU..\Run: [KB5708043] "C:\Documents and Settings\Owner.PETE-05CK9PEMS6\Local Settings\Application Data\KB5708043\KB5708043.exe" File not found
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\D-link AirPlus G DWL-G120 Wireless USB.lnk = C:\Program Files\D-link AirPlus G DWL-G120 Wireless USB\120UTIL.exe (D-Link)
O4 - Startup: C:\Documents and Settings\Owner.PETE-05CK9PEMS6\Start Menu\Programs\Startup\HpM3Util.exe ()
O4 - Startup: C:\Documents and Settings\Owner.PETE-05CK9PEMS6\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} http://www.comcastsu...fix/tgctlsr.cab (SupportSoft Script Runner Class)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.micr...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://download.micr...D0C/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1136593632451 (WUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{45D6A31F-96C2-4D92-B3F2-4ADBAE67D96B}: DhcpNameServer = 68.87.64.150 68.87.75.198
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5479463A-91E8-4138-B3CE-765B64CB7D71}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GIDLogonXP: DllName - (GIDLogonXP.dll) - C:\WINDOWS\System32\GIDLogonXP.dll (StrikeForce Technologies Inc)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner.PETE-05CK9PEMS6\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner.PETE-05CK9PEMS6\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Online Armor\oaevent.dll (Emsisoft GmbH)
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/12/31 14:30:52 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: 6to4 -  File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.WMV3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/01/20 13:41:14 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2014/01/12 15:10:44 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2014/01/12 15:06:55 | 024,039,048 | ---- | C] (Mozilla) -- C:\Documents and Settings\Owner.PETE-05CK9PEMS6\Desktop\Firefox Setup 26.0.exe
[2014/01/12 01:18:35 | 000,000,000 | --SD | C] -- C:\ComboFix
[2014/01/10 23:45:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.PETE-05CK9PEMS6\Local Settings\Application Data\KB5708043
 
========== Files - Modified Within 30 Days ==========
 
[2014/01/20 14:54:02 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/01/20 14:10:12 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2014/01/20 14:08:02 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/01/20 13:57:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/01/19 21:41:19 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{96E858C2-BB80-4CA6-A945-5D7F401AA939}.job
[2014/01/19 02:32:23 | 000,231,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2014/01/12 15:10:49 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Owner.PETE-05CK9PEMS6\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2014/01/12 15:10:49 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Mozilla Firefox.lnk
[2014/01/12 15:06:55 | 024,039,048 | ---- | M] (Mozilla) -- C:\Documents and Settings\Owner.PETE-05CK9PEMS6\Desktop\Firefox Setup 26.0.exe
[2014/01/11 19:07:08 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2014/01/08 22:59:59 | 000,315,392 | ---- | M] () -- C:\Documents and Settings\Owner.PETE-05CK9PEMS6\Start Menu\Programs\Startup\HpM3Util.exe
 
========== Files Created - No Company Name ==========
 
[2014/01/12 15:10:49 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Owner.PETE-05CK9PEMS6\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2014/01/12 15:10:49 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Mozilla Firefox.lnk
[2014/01/12 15:10:49 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Mozilla Firefox.lnk
[2014/01/08 22:59:53 | 000,315,392 | ---- | C] () -- C:\Documents and Settings\Owner.PETE-05CK9PEMS6\Start Menu\Programs\Startup\HpM3Util.exe
[2013/12/10 18:56:13 | 000,030,976 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro37.sys
[2013/10/05 13:12:34 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/09/27 20:11:50 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner.PETE-05CK9PEMS6\image (8).jpeg
[2013/09/27 20:11:15 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner.PETE-05CK9PEMS6\image (7).jpeg
[2013/09/27 20:11:03 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner.PETE-05CK9PEMS6\image (6).jpeg
[2013/09/27 20:10:56 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner.PETE-05CK9PEMS6\image (5).jpeg
[2013/09/27 20:08:47 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner.PETE-05CK9PEMS6\image (4).jpeg
[2013/09/27 20:08:43 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner.PETE-05CK9PEMS6\image (3).jpeg
[2013/09/27 20:08:37 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner.PETE-05CK9PEMS6\image (2).jpeg
[2013/09/27 20:08:33 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner.PETE-05CK9PEMS6\image (1).jpeg
[2013/09/27 20:08:20 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner.PETE-05CK9PEMS6\image.jpeg
[2013/05/31 07:28:26 | 000,044,992 | ---- | C] () -- C:\WINDOWS\System32\drivers\oahlp32.sys
[2013/05/31 07:28:25 | 000,208,320 | ---- | C] () -- C:\WINDOWS\System32\drivers\OADriver.sys
[2012/10/18 18:51:10 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/10/18 18:51:10 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/10/18 18:51:10 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/10/18 18:51:10 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/10/18 18:51:10 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/02/15 06:24:01 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/02/14 23:00:05 | 000,315,392 | ---- | C] () -- C:\Documents and Settings\Owner.PETE-05CK9PEMS6\Application Data\verison.dll
[2009/02/06 18:55:45 | 000,076,288 | ---- | C] () -- C:\Documents and Settings\Owner.PETE-05CK9PEMS6\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2012/07/04 13:15:49 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 19:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012/06/13 02:26:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\AVG2012
[2010/10/16 08:16:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg9
[2010/10/16 08:30:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Common Files
[2013/12/10 20:09:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\HitmanPro
[2013/03/17 17:20:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\IObit
[2012/07/04 13:46:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\IsolatedStorage
[2009/01/23 20:15:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\MailFrontier
[2013/09/29 11:44:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\MFAData
[2013/10/02 19:06:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\MyTurboPC.com
[2013/05/31 07:48:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\OnlineArmor
[2013/04/02 17:09:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Privacyware
[2012/07/04 13:12:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\White Sky, Inc
[2009/06/06 07:11:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\WinZip
[2010/06/11 07:52:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.PETE-05CK9PEMS6\Application Data\Auslogics
[2011/09/24 12:20:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.PETE-05CK9PEMS6\Application Data\AVG2012
[2013/04/02 15:45:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.PETE-05CK9PEMS6\Application Data\ID Vault
[2013/03/17 15:36:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.PETE-05CK9PEMS6\Application Data\IObit
[2006/03/19 18:48:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.PETE-05CK9PEMS6\Application Data\Musicmatch
[2013/09/29 12:09:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.PETE-05CK9PEMS6\Application Data\MyTurboPC.com
[2013/05/31 07:29:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.PETE-05CK9PEMS6\Application Data\OnlineArmor
[2012/03/06 20:14:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.PETE-05CK9PEMS6\Application Data\TweakNow PowerPack 2011
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %USERPROFILE%\..|smtmp;true;true;true /FP >
 
< %temp%\smtmp\*.* /s > >
 
< MD5 for: EXPLORER.EXE  >
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 06:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/04 02:56:49 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
 
< MD5 for: EXPLORER.EXE.000  >
[2004/08/04 02:56:49 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe.000
 
< MD5 for: EXPLORER.SCF  >
[2003/07/16 15:28:12 | 000,000,080 | ---- | M] () MD5=A3975A7D2C98B30A2AE010754FFB9392 -- C:\WINDOWS\explorer.scf
 
< MD5 for: IEXPLORE.BAT  >
[2013/10/15 17:05:47 | 000,031,414 | ---- | M] () MD5=75C9C20DD9839BF287B43B0E179822DC -- C:\Documents and Settings\Owner.PETE-05CK9PEMS6\Local Settings\temp\jrt\iexplore.bat
 
< MD5 for: IEXPLORE.CHM  >
[2009/02/21 00:21:24 | 000,529,818 | ---- | M] () MD5=1435F4731719DF5F57D17DC38196245D -- C:\WINDOWS\Help\iexplore.chm
[2004/07/17 13:40:16 | 000,204,810 | ---- | M] () MD5=60858526AAD1CC55F5F0055B8E3B66FE -- C:\WINDOWS\ie7\iexplore.chm
[2004/07/17 13:40:16 | 000,204,810 | ---- | M] () MD5=60858526AAD1CC55F5F0055B8E3B66FE -- C:\WINDOWS\ServicePackFiles\i386\iexplore.chm
[2006/09/01 07:43:50 | 000,503,758 | ---- | M] () MD5=652E46500C149D1DC948BF9CEA8C4933 -- C:\WINDOWS\ie8\iexplore.chm
 
< MD5 for: IEXPLORE.CHW  >
[2009/05/31 16:23:40 | 000,153,185 | ---- | M] () MD5=00B4E1AA5457FC749D8F6D38DDAF0A15 -- C:\WINDOWS\Help\iexplore.chw
 
< MD5 for: IEXPLORE.EXE  >
[2008/12/19 00:25:25 | 000,634,024 | ---- | M] (Microsoft Corporation) MD5=030D78FE84A086ED376EFCBD2D72C522 -- C:\WINDOWS\ie7updates\KB963027-IE7\iexplore.exe
[2008/10/15 01:34:58 | 000,633,632 | ---- | M] (Microsoft Corporation) MD5=056C927CF7207857E8B34F7A8FFD9B9E -- C:\WINDOWS\$hf_mig$\KB958215-IE7\SP2QFE\iexplore.exe
[2007/04/24 09:26:26 | 000,625,152 | ---- | M] (Microsoft Corporation) MD5=10BDB55982586A432A3951EB19A26009 -- C:\WINDOWS\ie7updates\KB937143-IE7\iexplore.exe
[2008/12/19 00:25:30 | 000,634,024 | ---- | M] (Microsoft Corporation) MD5=15E8A89499741D5CF59A9CF6463A4339 -- C:\WINDOWS\$hf_mig$\KB961260-IE7\SP2QFE\iexplore.exe
[2008/04/22 03:02:46 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=197B7E4030CFBD8D2979D375E1787AA2 -- C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\iexplore.exe
[2008/08/23 00:56:15 | 000,635,848 | ---- | M] (Microsoft Corporation) MD5=1F03216084447F990AE797317D0A6E70 -- C:\WINDOWS\ie7updates\KB958215-IE7\iexplore.exe
[2012/12/14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\iexplore.exe
[2008/04/22 02:40:18 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=232B22817B90AE0AFF2D189E3E3735AC -- C:\WINDOWS\ie7updates\KB953838-IE7\iexplore.exe
[2007/12/06 06:01:25 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=2703D940A62B731AA220529DD7331A78 -- C:\WINDOWS\ie7updates\KB947864-IE7\iexplore.exe
[2007/06/27 03:27:30 | 000,625,152 | ---- | M] (Microsoft Corporation) MD5=275CEE268B9E5D82474C43D5D249D111 -- C:\WINDOWS\ie7updates\KB939653-IE7\iexplore.exe
[2008/02/29 03:55:46 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=2D0E5592AB5A46C27DAF7CCAFF4F5B59 -- C:\WINDOWS\ie7updates\KB950759-IE7\iexplore.exe
[2007/08/17 05:21:21 | 000,625,152 | ---- | M] (Microsoft Corporation) MD5=3AC2BC667DA0AF2C968E96E1630F5AB5 -- C:\WINDOWS\ie7updates\KB942615-IE7\iexplore.exe
[2006/10/17 12:04:40 | 000,622,080 | ---- | M] (Microsoft Corporation) MD5=5334D4461AA92A7B008755FE6D13C5F2 -- C:\WINDOWS\ie7updates\KB928090-IE7\iexplore.exe
[2007/08/17 05:12:49 | 000,625,152 | ---- | M] (Microsoft Corporation) MD5=5577D0E3AC2F9F035ACD81B44AF5F511 -- C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\iexplore.exe
[2008/04/13 19:12:22 | 000,093,184 | ---- | M] (Microsoft Corporation) MD5=55794B97A7FAABD2910873C85274F409 -- C:\WINDOWS\ServicePackFiles\i386\iexplore.exe
[2007/10/10 03:16:56 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=632BDE0179847234433CA50945442ACB -- C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\iexplore.exe
[2008/06/23 04:20:52 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=64E376A47763DAEABCDA14BD5B6EA286 -- C:\WINDOWS\ie7updates\KB956390-IE7\iexplore.exe
[2007/02/21 03:00:58 | 000,623,616 | ---- | M] (Microsoft Corporation) MD5=683DDE71BCF03B501B912D20CB93B549 -- C:\WINDOWS\ie7updates\KB933566-IE7\iexplore.exe
[2008/02/22 04:40:22 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=6E0888626E0CAC79F57149814E22DB4D -- C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\iexplore.exe
[2009/04/19 23:56:28 | 000,060,416 | ---- | M] () MD5=753BC16326FEE4A421ACB636CCD602F4 -- C:\ComboFix\iexplore.exe
[2007/12/06 03:34:45 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=809D17D8FA0FDAEE07778CD821CAFFDE -- C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\iexplore.exe
[2007/01/08 18:08:42 | 000,623,616 | ---- | M] (Microsoft Corporation) MD5=93A6A4F5293AE19E3B37021AABCF0902 -- C:\WINDOWS\ie7updates\KB931768-IE7\iexplore.exe
[2007/04/24 09:20:41 | 000,625,152 | ---- | M] (Microsoft Corporation) MD5=9B3516C1F30DA17ADD3818573047D63C -- C:\WINDOWS\$hf_mig$\KB933566-IE7\SP2QFE\iexplore.exe
[2008/10/15 02:06:26 | 000,633,632 | ---- | M] (Microsoft Corporation) MD5=9D3DB9ADFABD2F0BC778EC03250A3ABB -- C:\WINDOWS\ie7updates\KB961260-IE7\iexplore.exe
[2009/02/27 23:54:41 | 000,636,072 | ---- | M] (Microsoft Corporation) MD5=A251068640DDB69FD7805B57D89D7FF7 -- C:\WINDOWS\ie8\iexplore.exe
[2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) MD5=B60DDDD2D63CE41CB8C487FCFBB6419E -- C:\Program Files\Internet Explorer\iexplore.exe
[2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) MD5=B60DDDD2D63CE41CB8C487FCFBB6419E -- C:\WINDOWS\ERDNT\cache\iexplore.exe
[2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) MD5=B60DDDD2D63CE41CB8C487FCFBB6419E -- C:\WINDOWS\system32\dllcache\iexplore.exe
[2009/02/27 23:54:44 | 000,636,088 | ---- | M] (Microsoft Corporation) MD5=BCD8E48709BE4A79606F0B6E8E9A6162 -- C:\WINDOWS\$hf_mig$\KB963027-IE7\SP3QFE\iexplore.exe
[2007/06/27 04:16:52 | 000,625,152 | ---- | M] (Microsoft Corporation) MD5=BD8502DFD53FC24FB8D6929DC46B8C2C -- C:\WINDOWS\$hf_mig$\KB937143-IE7\SP2QFE\iexplore.exe
[2008/06/23 03:23:52 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=C52A9EF571E91535EB78DB4B8B95EA07 -- C:\WINDOWS\$hf_mig$\KB953838-IE7\SP2QFE\iexplore.exe
[2007/02/28 01:51:34 | 000,625,152 | ---- | M] (Microsoft Corporation) MD5=D321092F8529CDAE843D6E24E3CAC6CB -- C:\WINDOWS\$hf_mig$\KB931768-IE7\SP2QFE\iexplore.exe
[2004/08/04 02:56:50 | 000,093,184 | ---- | M] (Microsoft Corporation) MD5=E7484514C0464642BE7B4DC2689354C8 -- C:\WINDOWS\$NtServicePackUninstall$\iexplore.exe
[2004/08/04 02:56:50 | 000,093,184 | ---- | M] (Microsoft Corporation) MD5=E7484514C0464642BE7B4DC2689354C8 -- C:\WINDOWS\ie7\iexplore.exe
[2008/08/23 00:56:16 | 000,635,848 | ---- | M] (Microsoft Corporation) MD5=E8305C30D35E85D6657ED3E9934CB302 -- C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\iexplore.exe
[2007/10/10 05:59:52 | 000,625,152 | ---- | M] (Microsoft Corporation) MD5=E854D02E4231F704D9BE782A424E6D8B -- C:\WINDOWS\ie7updates\KB944533-IE7\iexplore.exe
 
< MD5 for: IEXPLORE.EXE.HDMP  >
[2014/01/12 00:46:35 | 006,888,811 | ---- | M] () MD5=1A3AAD3F801C641276C42BBD90649EE0 -- C:\Documents and Settings\Owner.PETE-05CK9PEMS6\Local Settings\temp\WER174b.dir00\iexplore.exe.hdmp
[2014/01/12 00:46:35 | 006,888,811 | ---- | M] () MD5=50AABE44BF29458B8B27856BA0EEBF2D -- C:\Documents and Settings\Owner.PETE-05CK9PEMS6\Local Settings\temp\WER1bc2.dir00\iexplore.exe.hdmp
[2014/01/09 23:25:16 | 008,760,171 | ---- | M] () MD5=7D3EB30E32070109F36091CB923015F3 -- C:\Documents and Settings\Owner.PETE-05CK9PEMS6\Local Settings\temp\WER5582.dir00\iexplore.exe.hdmp
[2014/01/09 23:25:17 | 008,760,171 | ---- | M] () MD5=A58732C4E8E8D96EAF6C93ED7C041BE1 -- C:\Documents and Settings\Owner.PETE-05CK9PEMS6\Local Settings\temp\WER5215.dir00\iexplore.exe.hdmp
[2014/01/09 23:25:16 | 008,760,171 | ---- | M] () MD5=FA58FCEBEACC39D4E152DCA269F30CEF -- C:\Documents and Settings\Owner.PETE-05CK9PEMS6\Local Settings\temp\WER4075.dir00\iexplore.exe.hdmp
 
< MD5 for: IEXPLORE.EXE.MDMP  >
[2014/01/09 23:24:41 | 000,085,757 | ---- | M] () MD5=06F1EF361B6AF1DB437BBBDDBDC59BAA -- C:\Documents and Settings\Owner.PETE-05CK9PEMS6\Local Settings\temp\WER5215.dir00\iexplore.exe.mdmp
[2014/01/12 00:46:25 | 000,071,101 | ---- | M] () MD5=085ADE1CC6837BDEF9739610D55CBD09 -- C:\Documents and Settings\Owner.PETE-05CK9PEMS6\Local Settings\temp\WER174b.dir00\iexplore.exe.mdmp
[2014/01/09 23:24:38 | 000,085,757 | ---- | M] () MD5=3ACEC49FD1C03585CACECD3EDDBF9D21 -- C:\Documents and Settings\Owner.PETE-05CK9PEMS6\Local Settings\temp\WER5582.dir00\iexplore.exe.mdmp
[2014/01/09 23:24:41 | 000,085,757 | ---- | M] () MD5=5CFAE587B323703E859962F1A9EC8842 -- C:\Documents and Settings\Owner.PETE-05CK9PEMS6\Local Settings\temp\WER4075.dir00\iexplore.exe.mdmp
[2014/01/12 00:46:25 | 000,071,101 | ---- | M] () MD5=E2B590A4F7A70954ABD2C6F30AA956A9 -- C:\Documents and Settings\Owner.PETE-05CK9PEMS6\Local Settings\temp\WER1bc2.dir00\iexplore.exe.mdmp
 
< MD5 for: IEXPLORE.EXE.MUI  >
[2009/03/08 13:21:44 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=943030B55FDB56FB8B8FCC086071E119 -- C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui
[2009/03/08 13:21:44 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=943030B55FDB56FB8B8FCC086071E119 -- C:\Program Files\Internet Explorer\iexplore.exe.mui
[2006/10/17 12:04:26 | 000,573,440 | ---- | M] (Microsoft Corporation) MD5=E83C9C1F9DD9D47BB44871BFC7E69DDD -- C:\WINDOWS\ie8\iexplore.exe.mui
 
< MD5 for: IEXPLORE.EXE-2D97EBE6.PF  >
[2014/01/20 13:11:32 | 000,090,296 | ---- | M] () MD5=B3EB5330C041DF7D140A1F3012AC2B11 -- C:\WINDOWS\Prefetch\IEXPLORE.EXE-2D97EBE6.pf
 
< MD5 for: IEXPLORE.HLP  >
[2003/07/16 15:30:14 | 000,180,335 | ---- | M] () MD5=3F19AF1B745140DAFAC6F78F561A3C62 -- C:\WINDOWS\Help\iexplore.hlp
 
< MD5 for: SERVICES  >
[2003/07/16 15:44:24 | 000,007,116 | ---- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- C:\WINDOWS\system32\drivers\etc\services
 
< MD5 for: SERVICES.DAT  >
[2013/11/05 17:18:20 | 000,003,117 | ---- | M] () MD5=5F3B95A58780ADA3F223F004CDEE9967 -- C:\Documents and Settings\Owner.PETE-05CK9PEMS6\Local Settings\temp\jrt\services.dat
 
< MD5 for: SERVICES.DLL  >
[2003/10/06 12:05:42 | 000,018,944 | ---- | M] () MD5=FD3C2F44D7C48F2AFC8BBC11840205D8 -- C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\services.dll
 
< MD5 for: SERVICES.EXE  >
[2009/02/06 06:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/13 19:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2008/04/13 19:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\ERDNT\cache\services.exe
[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe
[2004/08/04 02:56:55 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\$NtServicePackUninstall$\services.exe
 
< MD5 for: SERVICES.LNK  >
[2006/01/05 23:08:58 | 000,001,602 | ---- | M] () MD5=61F177100FA890CBCF458E4AD8E55EAE -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Administrative Tools\Services.lnk
[2013/10/02 18:53:27 | 000,001,602 | ---- | M] () MD5=A8510F2B429DCB4388DCAEDDEA6E4B06 -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Services.lnk
 
< MD5 for: SERVICES.MOCHIADS.COM.SOL  >
[2013/12/03 15:05:03 | 000,000,459 | ---- | M] () MD5=9461752CA7B3850EDF75F9B3DCFF1ADB -- C:\WINDOWS\system32\config\systemprofile\Application Data\Macromedia\Flash Player\#SharedObjects\VQ3QYER3\mochiads.com\services.mochiads.com.sol
[2013/11/09 14:49:21 | 000,000,184 | ---- | M] () MD5=B6F2C8F336520B8C32C140D6FD3E1686 -- C:\Documents and Settings\LocalService.NT AUTHORITY.000\Application Data\Macromedia\Flash Player\#SharedObjects\KM6BRCAT\mochiads.com\services.mochiads.com.sol
 
< MD5 for: SERVICES.MSC  >
[2003/07/16 15:44:24 | 000,033,464 | ---- | M] () MD5=E8089AA2A6F7FEE89B38C1F2D77BA6C6 -- C:\WINDOWS\system32\services.msc
 
< MD5 for: SERVICES.WEBSPECTATOR[1].XML  >
[2013/11/09 14:12:37 | 000,000,013 | ---- | M] () MD5=C1DDEA3EF6BBEF3E7060A1A9AD89E4C5 -- C:\Documents and Settings\LocalService.NT AUTHORITY.000\Local Settings\Application Data\Microsoft\Internet Explorer\DOMStore\3L3SW6CI\services.webspectator[1].xml
 
< MD5 for: WINLOGON.EXE  >
[2004/08/04 02:56:57 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2012/12/14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe
 
< %SYSTEMDRIVE%\*.* >
[2011/04/14 02:25:04 | 000,066,524 | ---- | M] () -- C:\aaw7boot.log
[2013/10/06 08:29:54 | 000,000,789 | ---- | M] () -- C:\AdwCleaner[R1].txt
[2012/10/12 19:30:05 | 000,006,654 | ---- | M] () -- C:\AdwCleaner[S1].txt
[2013/10/06 08:30:38 | 000,000,848 | ---- | M] () -- C:\AdwCleaner[S2].txt
[2005/12/31 14:30:52 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2008/05/15 15:10:32 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2013/11/22 13:22:39 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2004/08/03 22:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2004/06/23 14:02:54 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2013/02/21 05:33:46 | 000,000,182 | ---- | M] () -- C:\drwtsn32.log
[2004/06/23 14:02:54 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/05/26 20:24:42 | 000,008,814 | ---- | M] () -- C:\JavaRa.log
[2013/10/06 16:28:52 | 000,000,335 | ---- | M] () -- C:\local.conf
[2004/06/23 14:02:54 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2006/01/05 23:29:46 | 000,000,174 | ---- | M] () -- C:\mw.log
[2006/01/27 19:46:49 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/09/29 15:35:49 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2014/01/20 13:57:16 | 1006,632,960 | -HS- | M] () -- C:\pagefile.sys
[2010/06/10 12:55:18 | 000,000,385 | ---- | M] () -- C:\rkill.log
[2010/01/06 17:32:50 | 000,002,239 | ---- | M] () -- C:\rollback.ini
[2005/12/30 18:41:25 | 000,001,512 | ---- | M] () -- C:\smitfiles.txt
[2013/10/18 19:43:25 | 000,079,062 | ---- | M] () -- C:\TDSSKiller.2.8.13.0_18.10.2013_20.42.19_log.txt
[2012/10/25 19:38:24 | 000,079,514 | ---- | M] () -- C:\TDSSKiller.2.8.13.0_25.10.2012_20.35.58_log.txt
[2012/10/25 20:06:36 | 000,003,412 | ---- | M] () -- C:\TDSSKiller.2.8.13.0_25.10.2012_21.05.20_log.txt
[2012/10/25 20:11:52 | 000,003,412 | ---- | M] () -- C:\TDSSKiller.2.8.13.0_25.10.2012_21.11.24_log.txt
[2012/10/28 08:09:36 | 000,079,514 | ---- | M] () -- C:\TDSSKiller.2.8.13.0_28.10.2012_09.06.22_log.txt
[2013/11/29 07:38:42 | 000,000,354 | ---- | M] () -- C:\TDSSKiller.2.8.13.0_29.11.2013_07.38.25_log.txt
 
< %systemroot%\Fonts\*.com >
 
< %systemroot%\Fonts\*.dll >
 
< %systemroot%\Fonts\*.ini >
[2006/01/05 23:08:23 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini
 
< %systemroot%\Fonts\*.ini2 >
 
< %systemroot%\Fonts\*.exe >
 
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2002/02/12 00:00:00 | 000,013,824 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD43.DLL
[2002/02/12 00:00:00 | 000,043,008 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPP43.DLL
[2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2008/07/06 05:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
 
< %systemroot%\REPAIR\*.bak1 >
 
< %systemroot%\REPAIR\*.ini >
 
< %systemroot%\system32\*.jpg >
 
< %systemroot%\*.jpg >
 
< %systemroot%\*.png >
 
< %systemroot%\*.scr >
 
< %systemroot%\*._sy >
 
< %APPDATA%\Adobe\Update\*.* >
 
< %ALLUSERSPROFILE%\Favorites\*.* >
 
< %APPDATA%\Microsoft\*.* >
 
< %PROGRAMFILES%\*.* >
 
< %APPDATA%\Update\*.* >
 
< %systemroot%\*. /mp /s >
 
< dir "%systemdrive%\*" /S /A:L /C >
 Volume in drive C has no label.
 Volume Serial Number is 103D-ED2F
 Directory of C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices
10/10/2013  07:20 AM    <JUNCTION>     2.0.0.0__b03f5f7f11d50a3a
               0 File(s)              0 bytes
 Directory of C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote
10/10/2013  07:20 AM    <JUNCTION>     2.0.0.0__b03f5f7f11d50a3a
               0 File(s)              0 bytes
     Total Files Listed:
               0 File(s)              0 bytes
               2 Dir(s)  19,871,195,136 bytes free
 
< %systemroot%\System32\config\*.sav >
[2006/01/05 14:50:58 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2006/01/05 14:50:58 | 000,602,112 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2006/01/05 14:50:58 | 000,389,120 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %PROGRAMFILES%\bak. /s >
 
< %systemroot%\system32\bak. /s >
 
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2008/09/29 15:49:11 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\desktop.ini
 
< %systemroot%\system32\config\systemprofile\*.dat /x >
 
< %systemroot%\*.config >
 
< %systemroot%\system32\*.db >
 
< %PROGRAMFILES%\Internet Explorer\*.dat >
 
< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2006/01/27 20:54:11 | 000,000,177 | -HS- | M] () -- C:\Documents and Settings\Owner.PETE-05CK9PEMS6\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2006/01/05 23:18:02 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Owner.PETE-05CK9PEMS6\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
 
< %USERPROFILE%\Desktop\*.exe >
[2012/09/23 12:55:19 | 027,669,608 | ---- | M] (IObit                                                       ) -- C:\Documents and Settings\Owner.PETE-05CK9PEMS6\Desktop\asc-setup.exe
[2012/10/12 19:48:29 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Owner.PETE-05CK9PEMS6\Desktop\aswMBR.exe
[2009/05/28 18:11:47 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Owner.PETE-05CK9PEMS6\Desktop\ATF-Cleaner.exe
[2011/04/23 13:09:42 | 005,497,592 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Owner.PETE-05CK9PEMS6\Desktop\avg_free_stb_all_2011_1321_cnet.exe
[2012/09/23 12:51:33 | 003,927,560 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Owner.PETE-05CK9PEMS6\Desktop\ccsetup322.exe
[2013/11/21 21:15:15 | 005,146,522 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner.PETE-05CK9PEMS6\Desktop\ComboFix.exe
[2012/10/13 08:19:20 | 018,494,856 | ---- | M] (Mozilla) -- C:\Documents and Settings\Owner.PETE-05CK9PEMS6\Desktop\Firefox Setup 16.0.1.exe
[2014/01/12 15:06:55 | 024,039,048 | ---- | M] (Mozilla) -- C:\Documents and Settings\Owner.PETE-05CK9PEMS6\Desktop\Firefox Setup 26.0.exe
[2013/10/07 19:18:18 | 000,358,923 | ---- | M] (Farbar) -- C:\Documents and Settings\Owner.PETE-05CK9PEMS6\Desktop\FSS.exe
[2011/04/23 12:06:00 | 016,537,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Owner.PETE-05CK9PEMS6\Desktop\jre-6u25-windows-i586.exe
[2013/10/17 19:07:05 | 001,033,335 | ---- | M] (Thisisu) -- C:\Documents and Settings\Owner.PETE-05CK9PEMS6\Desktop\JRT.exe
[2013/11/05 17:36:18 | 001,034,531 | ---- | M] (Thisisu) -- C:\Documents and Settings\Owner.PETE-05CK9PEMS6\Desktop\JRT_NEW.exe
[2011/05/04 08:43:12 | 007,734,208 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Documents and Settings\Owner.PETE-05CK9PEMS6\Desktop\mbam-setup-1.50.1.1100.exe
[2012/03/06 20:49:12 | 009,852,544 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Documents and Settings\Owner.PETE-05CK9PEMS6\Desktop\mbam-setup-1.51.2.1300.exe
[2013/10/06 15:08:06 | 012,907,592 | ---- | M] (Malwarebytes Corp.) -- C:\Documents and Settings\Owner.PETE-05CK9PEMS6\Desktop\mbar-1.07.0.1005.exe
[2013/10/17 18:30:30 | 000,760,937 | ---- | M] (Farbar) -- C:\Documents and Settings\Owner.PETE-05CK9PEMS6\Desktop\MiniToolBox.exe
[2013/09/29 07:30:31 | 011,233,112 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Owner.PETE-05CK9PEMS6\Desktop\mseinstall.exe
[2013/03/17 18:12:36 | 000,866,592 | ---- | M] () -- C:\Documents and Settings\Owner.PETE-05CK9PEMS6\Desktop\Norton_Removal_Tool.exe
[2013/05/31 07:25:51 | 030,185,256 | ---- | M] (Emsisoft GmbH                                               ) -- C:\Documents and Settings\Owner.PETE-05CK9PEMS6\Desktop\OnlineArmorSetup.exe
[2013/09/29 12:18:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.PETE-05CK9PEMS6\Desktop\OTL.exe
[2012/01/15 09:37:29 | 009,504,840 | ---- | M] (TweakNow.com                                                ) -- C:\Documents and Settings\Owner.PETE-05CK9PEMS6\Desktop\PowerPack347.exe
[2013/10/06 14:35:05 | 000,891,167 | ---- | M] () -- C:\Documents and Settings\Owner.PETE-05CK9PEMS6\Desktop\SecurityCheck.exe
[2012/10/12 16:27:22 | 002,213,464 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner.PETE-05CK9PEMS6\Desktop\TDSSKiller.exe
[2013/10/07 18:53:50 | 003,859,661 | ---- | M] () -- C:\Documents and Settings\Owner.PETE-05CK9PEMS6\Desktop\tweaking.com_registry_backup_setup.exe
[2013/12/02 19:44:55 | 021,896,408 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Owner.PETE-05CK9PEMS6\Desktop\Windows-KB890830-V5.6.exe
 
< %PROGRAMFILES%\Common Files\*.* >
 
< %systemroot%\*.src >
 
< %systemroot%\install\*.* >
 
< %systemroot%\system32\DLL\*.* >
 
< %systemroot%\system32\HelpFiles\*.* >
 
< %systemroot%\system32\rundll\*.* >
 
< %systemroot%\winn32\*.* >
 
< %systemroot%\Java\*.* >
 
< %systemroot%\system32\test\*.* >
 
< %systemroot%\system32\Rundll32\*.* >
 
< %systemroot%\AppPatch\Custom\*.* >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2014-01-16 08:19:54
 
<   >
[2006/01/05 23:06:32 | 000,000,065 | R--- | C] () -- C:\WINDOWS\Tasks\desktop.ini
[2006/01/05 23:08:36 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT
[2009/10/01 16:48:09 | 000,000,422 | -H-- | C] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{96E858C2-BB80-4CA6-A945-5D7F401AA939}.job
[2012/10/14 07:39:43 | 000,000,830 | ---- | C] () -- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
[2013/07/29 20:59:16 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job

< End of report >

 

for whatever reason, the Extras.txt file is not on my computer.
 


    Advertisements

Register to Remove

#2 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,451 posts

Posted 24 January 2014 - 11:48 AM

Hi pfilighera,

  :welcome:

My name is Tomk. I would be glad to take a look at your log and help you with solving any malware problems. Logs can take a while to research, so please be patient and I'd be grateful if you would note the following:
  • I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
Extras.txt only shows the first time you run OTL - and this is the 9th time it has been ran on this machine.

Let's see if we can just clean up some random garbage.

Step 1

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 2

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan button. Wait until is finished.
  • Click on Clean.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner\AdwCleaner[S0].txt as well.
Step 3
Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot (shut down your computer then restart it).
In your next reply, post the following log files:
  • Junkware Removal Tool log
  • AdwCleaner log
  • Malwarebytes' Anti-Malware log

Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 

#3 Tomk

Tomk

    Beguilement Monitor

  • Global Moderator
  • 20,451 posts

Posted 29 January 2014 - 01:01 PM

Due to inactivity this topic will be closed.
If you need help please start a new thread.

New members follow the instructions here http://forums.whatth...ed_t106388.html and start a new topic
Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014
 

Related Topics

Back to Virus, Spyware & Malware Removal · Next Unread Topic →

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. What the Tech
  2. Spyware / Malware / Virus Removal
  3. Virus, Spyware & Malware Removal
  4. Privacy Policy
  5. Terms of Use ·