
Google redirect


9 replies to this topic

#1 Improv

  • Members

Posted 08 May 2013 - 12:10 AM

Tried scanning the computer with MBAM and MSE and got nothing. Every time I searched something on Google it would open a new tab to http://hotstartsearch.com and every time I would press the exit button. It's really annoying, help please.

Oh, and I think I might have some kind of click fraud virus. I don't know.


Edited by Improv, 08 May 2013 - 12:16 AM.




#2 Robybel

  • Malware Response Team

Posted 08 May 2013 - 02:50 AM

Hi Improv

FRST

Download the 32 bit or 64 bit version for your system of FRST and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:

    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
Next


Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Next


Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Next

AdwCleaner
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
On your next reply please post :
  • FRST.txt
  • checkup.txt
  • JRT.txt
  • AdwCleaner[S1].txt

Let me know if you have any problems performing the steps above or any questions.

Good Day!

- Proud Graduate of WTT Classroom -

Member of ASAP and UNITE


Please Only Copy And Paste Reports Into Topic - Do Not Attach

If you are satisfied with the help that you have received, please consider a donation


#3 Improv

  • Topic Starter

Posted 08 May 2013 - 06:14 PM

I can't find the checkup txt...

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-05-2013
Ran by admin (administrator) on 08-05-2013 15:29:54
Running from G:\
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) =================

(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
() C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe
() C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe
() C:\Program Files (x86)\Fast Free Converter\FastFreeConverterUpdt.exe
(Intel Corporation) C:\Windows\system32\IProsetMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Users\admin\Local Settings\Apps\F.lux\flux.exe
(Spotify Ltd) C:\Users\admin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Dropbox, Inc.) C:\Users\admin\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Sendori, Inc.) C:\Program Files (x86)\Sendori\SendoriTray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Sendori) C:\Program Files (x86)\Sendori\sndappv2.exe
(Sendori, Inc.) C:\Program Files (x86)\Sendori\SendoriSvc.exe
(sendori) C:\Program Files (x86)\Sendori\Sendori.Service.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Sendori, Inc.) C:\Program Files (x86)\Sendori\SendoriUp.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Farbar) G:\FRST64.exe
(Microsoft Corporation) \\?\C:\Windows\system32\wbem\WMIADAP.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1281512 2013-01-27] (Microsoft Corporation)
HKCU\...\Run: [F.lux] "C:\Users\admin\Local Settings\Apps\F.lux\flux.exe" /noshow [966656 2009-08-28] ()
HKCU\...\Run: [Spotify Web Helper] "C:\Users\admin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [1104280 2013-04-03] (Spotify Ltd)
HKCU\...\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1475584 2010-11-20] (Microsoft Corporation)
HKCU\...\Run: [Google Update] "C:\Users\admin\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-07-31] (Google Inc.)
HKCU\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [3672640 2013-03-14] (Disc Soft Ltd)
MountPoints2: {f91626f0-ea71-11e1-aa82-4487fca7030d} - G:\LaunchU3.exe -a
HKLM-x32\...\Run: []  [x]
HKLM-x32\...\Run: [Sendori Tray] "C:\Program Files (x86)\Sendori\SendoriTray.exe" [83232 2013-04-23] (Sendori, Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\admin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
ShortcutTarget: Facebook Messenger.lnk -> C:\Users\admin\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (No File)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?r0=1340505718
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
URLSearchHook: (No Name) - {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} -  No File
SearchScopes: HKCU - {C632FFFC-07EA-49ED-9D4A-4FA385E5BA52} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3225826
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Fast Free Converter 3.0 - {C0114F18-AC58-4188-9C8B-3FE75FAFCA77} - C:\PROGRA~2\FASTFR~1\FASTFR~1\FASTFR~1.DLL (Fast Free Converter)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKCU - No Name - {B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog9 01 C:\Windows\system32\Sendori.dll [20992] (Microsoft Corporation)
Winsock: Catalog9 02 C:\Windows\system32\Sendori.dll [20992] (Microsoft Corporation)
Winsock: Catalog9 03 C:\Windows\system32\Sendori.dll [20992] (Microsoft Corporation)
Winsock: Catalog9 04 C:\Windows\system32\Sendori.dll [20992] (Microsoft Corporation)
Winsock: Catalog9 15 C:\Windows\system32\Sendori.dll [232448] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{2F176706-C26D-4B48-9F98-5903C020FC81}: [NameServer]216.146.35.240,216.146.36.240,192.168.2.1
Tcpip\..\Interfaces\{B87CE2B5-E0D0-4455-BED7-987E02568C0C}: [NameServer]192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\3avcja2j.default
FF Homepage: hxxp://www.youtube.com/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll ()
FF Plugin: @java.com/DTPlugin,version=10.10.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.10.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Extension: FT DeepDark - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\3avcja2j.default\Extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66}
FF Extension: Youtube High Definition - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\3avcja2j.default\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}
FF Extension: googledictionary - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\3avcja2j.default\Extensions\googledictionary@toptip.ca.xpi
FF Extension: jid1-xUfzOsOFlzSOXg - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\3avcja2j.default\Extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi
FF Extension: No Name - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\3avcja2j.default\Extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}.xpi
FF Extension: No Name - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\3avcja2j.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: No Name - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\3avcja2j.default\Extensions\{ab4b5718-3998-4a2c-91ae-18a7c2db513e}.xpi
FF Extension: No Name - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\3avcja2j.default\Extensions\{c36177c0-224a-11da-8cd6-0800200c9a91}.xpi
FF Extension: No Name - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\3avcja2j.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

Chrome:
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Extension: (BitTorrentControl_v12) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf\10.13.20.29_0

==================== Services (Whitelisted) =================

R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269; C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe [457200 2009-06-02] ()
R2 Application Sendori; C:\Program Files (x86)\Sendori\SendoriSvc.exe [119072 2013-04-23] (Sendori, Inc.)
R2 BOT4Service; C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe [39408 2010-09-13] ()
R2 FastFreeConverterUpdt; C:\Program Files (x86)\Fast Free Converter\FastFreeConverterUpdt.exe [687104 2012-11-26] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
S3 RoxMediaDB13; C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe [1099248 2010-07-16] (Sonic Solutions)
R2 Service Sendori; C:\Program Files (x86)\Sendori\Sendori.Service.exe [19744 2013-04-23] (sendori)
R2 sndappv2; C:\Program Files (x86)\Sendori\sndappv2.exe [3623200 2013-04-23] (Sendori)
S3 xsherlock; C:\Windows\SysWow64\xsherlock.xem [674912 2012-09-04] (Wellbia.com Co., Ltd.)

==================== Drivers (Whitelisted) ====================

R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-04-08] (DT Soft Ltd)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-05-08 15:29 - 2013-05-08 15:29 - 00000000 ____D C:\FRST
2013-05-08 15:16 - 2013-05-08 15:16 - 00020162 ____A C:\Users\admin\Desktop\dds.txt
2013-05-08 15:16 - 2013-05-08 15:16 - 00008902 ____A C:\Users\admin\Desktop\attach.txt
2013-05-08 15:12 - 2013-05-08 15:12 - 00890825 ____A C:\Users\admin\Downloads\SecurityCheck.exe
2013-05-07 07:28 - 2013-05-07 07:28 - 00000000 ____A C:\END
2013-04-29 23:11 - 2013-04-29 23:11 - 14323200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-04-29 23:11 - 2013-04-29 23:11 - 13761024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-04-29 23:11 - 2013-04-29 23:11 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-04-29 23:11 - 2013-04-29 23:11 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-04-29 23:11 - 2013-04-29 23:11 - 02046464 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-04-29 23:11 - 2013-04-29 23:11 - 01766912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-04-29 23:11 - 2013-04-29 23:11 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-04-29 23:11 - 2013-04-29 23:11 - 01129984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-04-29 23:11 - 2013-04-29 23:11 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-04-29 23:11 - 2013-04-29 23:11 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-04-29 23:11 - 2013-04-29 23:11 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-04-29 23:11 - 2013-04-29 23:11 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-04-29 23:11 - 2013-04-29 23:11 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-04-29 23:11 - 2013-04-29 23:11 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-04-29 23:11 - 2013-04-29 23:11 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-04-29 23:11 - 2013-04-29 23:11 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-04-29 23:11 - 2013-04-29 23:11 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-04-29 23:11 - 2013-04-29 23:11 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-04-29 23:11 - 2013-04-29 23:11 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-04-29 23:11 - 2013-04-29 23:11 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-04-29 23:11 - 2013-04-29 23:11 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-04-29 23:11 - 2013-04-29 23:11 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-04-29 23:11 - 2013-04-29 23:11 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-04-29 23:11 - 2013-04-29 23:11 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-04-29 23:11 - 2013-04-29 23:11 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-04-29 23:11 - 2013-04-29 23:11 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-04-29 23:11 - 2013-04-29 23:11 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-04-29 23:11 - 2013-04-29 23:11 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-04-29 23:11 - 2013-04-29 23:11 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-04-29 23:11 - 2013-04-29 23:11 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-04-29 23:11 - 2013-04-29 23:11 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-04-29 23:11 - 2013-04-29 23:11 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-04-29 23:11 - 2013-04-29 23:11 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-04-29 23:11 - 2013-04-29 23:11 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-04-29 23:11 - 2013-04-29 23:11 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-04-29 23:11 - 2013-04-29 23:11 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-04-29 23:11 - 2013-04-29 23:11 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-04-29 23:11 - 2013-04-29 23:11 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-04-29 23:11 - 2013-04-29 23:11 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-04-29 23:11 - 2013-04-29 23:11 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-04-29 23:11 - 2013-04-29 23:11 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-04-29 23:11 - 2013-04-29 23:11 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-04-29 23:11 - 2013-04-29 23:11 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-04-29 23:11 - 2013-04-29 23:11 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-04-29 23:10 - 2013-04-29 23:10 - 19230208 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-04-29 23:10 - 2013-04-29 23:10 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-04-29 23:10 - 2013-04-29 23:10 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-04-29 23:10 - 2013-04-29 23:10 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-04-29 23:10 - 2013-04-29 23:10 - 02647040 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-04-29 23:10 - 2013-04-29 23:10 - 02240512 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-04-29 23:10 - 2013-04-29 23:10 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-04-29 23:10 - 2013-04-29 23:10 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-04-29 23:10 - 2013-04-29 23:10 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-04-29 23:10 - 2013-04-29 23:10 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-04-29 23:10 - 2013-04-29 23:10 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-04-29 23:10 - 2013-04-29 23:10 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-04-29 23:10 - 2013-04-29 23:10 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-04-29 23:10 - 2013-04-29 23:10 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-04-29 23:10 - 2013-04-29 23:10 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-04-29 23:10 - 2013-04-29 23:10 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-04-29 23:10 - 2013-04-29 23:10 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-04-29 23:10 - 2013-04-29 23:10 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-04-29 23:10 - 2013-04-29 23:10 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-04-29 23:10 - 2013-04-29 23:10 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-04-29 23:10 - 2013-04-29 23:10 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-04-29 23:10 - 2013-04-29 23:10 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-04-29 23:10 - 2013-04-29 23:10 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-04-29 23:10 - 2013-04-29 23:10 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-04-29 23:10 - 2013-04-29 23:10 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-04-29 23:10 - 2013-04-29 23:10 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-04-29 23:10 - 2013-04-29 23:10 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-04-29 23:10 - 2013-04-29 23:10 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-04-29 23:10 - 2013-04-29 23:10 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-04-29 23:10 - 2013-04-29 23:10 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-04-29 23:10 - 2013-04-29 23:10 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-04-29 23:10 - 2013-04-29 23:10 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-04-29 23:10 - 2013-04-29 23:10 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-04-29 23:10 - 2013-04-29 23:10 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-04-29 23:10 - 2013-04-29 23:10 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-04-29 23:10 - 2013-04-29 23:10 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-04-29 23:10 - 2013-04-29 23:10 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-04-29 23:10 - 2013-04-29 23:10 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-04-29 23:10 - 2013-04-29 23:10 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-04-29 23:10 - 2013-04-29 23:10 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-04-29 23:10 - 2013-04-29 23:10 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-04-29 23:10 - 2013-04-29 23:10 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-04-29 23:10 - 2013-04-29 23:10 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-04-29 23:10 - 2013-04-29 23:10 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-04-29 23:10 - 2013-04-29 23:10 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-04-29 23:10 - 2013-04-29 23:10 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-04-29 23:10 - 2013-04-29 23:10 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-04-29 23:10 - 2013-04-29 23:10 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-04-29 23:10 - 2013-04-29 23:10 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-04-29 23:10 - 2013-04-29 23:10 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-04-29 23:10 - 2013-04-29 23:10 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-04-29 23:10 - 2013-04-29 23:10 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-04-29 23:09 - 2013-04-29 23:12 - 00006895 ____A C:\Windows\IE10_main.log
2013-04-26 14:04 - 2013-04-26 14:04 - 00003915 ____A C:\Windows\SysWOW64\jupdate-1.7.0_21-b11.log
2013-04-26 14:04 - 2013-04-04 05:35 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-04-26 14:04 - 2013-04-04 05:30 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-04-26 14:04 - 2013-04-04 05:29 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-04-24 08:27 - 2013-04-12 07:45 - 01656680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2013-04-19 22:26 - 2013-04-19 22:26 - 00001066 ____A C:\Users\Public\Desktop\VLC media player.lnk
2013-04-14 13:20 - 2013-04-14 13:20 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\admin\Downloads\123.com.exe
2013-04-11 12:24 - 2013-04-11 12:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-04-10 21:26 - 2013-04-10 21:33 - 00000000 ____D C:\Users\admin\Documents\GTA Vice City User Files
2013-04-10 19:59 - 2013-04-12 12:49 - 00000000 ____D C:\Users\admin\Documents\GTA San Andreas User Files
2013-04-10 11:36 - 2013-03-18 23:04 - 05550424 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-04-10 11:36 - 2013-03-18 22:46 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2013-04-10 11:36 - 2013-03-18 22:04 - 03968856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-04-10 11:36 - 2013-03-18 22:04 - 03913560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-04-10 11:36 - 2013-03-18 21:47 - 00006656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-04-10 11:36 - 2013-03-18 20:06 - 00112640 ____A (Microsoft Corporation) C:\Windows\System32\smss.exe
2013-04-10 11:36 - 2013-02-28 20:36 - 03153408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-04-10 11:36 - 2013-02-14 23:08 - 00044032 ____A (Microsoft Corporation) C:\Windows\System32\tsgqec.dll
2013-04-10 11:36 - 2013-02-14 23:06 - 03717632 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2013-04-10 11:36 - 2013-02-14 23:02 - 00158720 ____A (Microsoft Corporation) C:\Windows\System32\aaclient.dll
2013-04-10 11:36 - 2013-02-14 21:37 - 03217408 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2013-04-10 11:36 - 2013-02-14 21:34 - 00131584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2013-04-10 11:36 - 2013-02-14 20:25 - 00036864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2013-04-10 11:36 - 2013-01-23 23:01 - 00223752 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fvevol.sys
2013-04-09 10:31 - 2013-04-09 10:31 - 00000000 ____D C:\Users\admin\Documents\Electronic Arts
2013-04-08 22:46 - 2013-04-10 21:23 - 00000967 ____A C:\Windows\DirectX.log
2013-04-08 22:40 - 2013-04-08 22:40 - 00098304 ____A (Sony DADC Austria AG.) C:\Windows\SysWOW64\CmdLineExt.dll
2013-04-08 22:32 - 2013-04-08 22:32 - 00283200 ____A (DT Soft Ltd) C:\Windows\System32\Drivers\dtsoftbus01.sys
2013-04-08 22:21 - 2013-04-08 22:21 - 00001950 ____A C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2013-04-08 22:21 - 2013-04-08 22:21 - 00000000 ____D C:\Program Files (x86)\File Type Helper
2013-04-08 22:21 - 2013-04-08 22:21 - 00000000 ____D C:\Program Files (x86)\Fast Free Converter
2013-04-08 22:19 - 2013-04-08 22:32 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Lite
2013-04-08 16:11 - 2013-04-10 21:14 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
2013-04-08 14:20 - 2013-04-08 14:27 - 00000000 ____D C:\Users\admin\AppData\Roaming\.minecraft
2013-04-08 14:20 - 2013-04-08 14:20 - 00002127 ____A C:\Users\admin\Desktop\Minecraft.lnk

==================== One Month Modified Files and Folders =======

2013-05-08 15:29 - 2013-05-08 15:29 - 00000000 ____D C:\FRST
2013-05-08 15:28 - 2009-07-13 21:45 - 00016480 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-05-08 15:28 - 2009-07-13 21:45 - 00016480 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-05-08 15:27 - 2009-07-13 22:13 - 00726316 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-08 15:25 - 2012-10-06 18:52 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-05-08 15:21 - 2012-12-12 17:33 - 00000000 ___RD C:\Users\admin\Dropbox
2013-05-08 15:21 - 2012-12-12 17:28 - 00000000 ____D C:\Users\admin\AppData\Roaming\Dropbox
2013-05-08 15:20 - 2013-01-26 16:59 - 00012354 ____A C:\Windows\setupact.log
2013-05-08 15:20 - 2012-06-23 19:37 - 01232860 ____A C:\Windows\WindowsUpdate.log
2013-05-08 15:20 - 2009-07-13 22:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-05-08 15:19 - 2012-06-23 19:37 - 00000000 ____D C:\users\admin
2013-05-08 15:16 - 2013-05-08 15:16 - 00020162 ____A C:\Users\admin\Desktop\dds.txt
2013-05-08 15:16 - 2013-05-08 15:16 - 00008902 ____A C:\Users\admin\Desktop\attach.txt
2013-05-08 15:12 - 2013-05-08 15:12 - 00890825 ____A C:\Users\admin\Downloads\SecurityCheck.exe
2013-05-07 23:22 - 2013-01-27 00:55 - 00000000 ____D C:\Users\admin\AppData\Roaming\BitTorrent
2013-05-07 23:22 - 2012-11-24 14:56 - 00000000 ____D C:\Users\admin\AppData\Roaming\MediaMonkey
2013-05-07 22:50 - 2012-07-31 16:28 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-800104502-1271211563-1046598675-1000UA.job
2013-05-07 22:48 - 2011-01-08 01:46 - 00000000 ____D C:\Secret of the Universe
2013-05-07 22:45 - 2013-01-29 23:13 - 00000000 ____D C:\Users\admin\AppData\Roaming\vlc
2013-05-07 21:54 - 2013-01-28 21:09 - 00000000 ____D C:\TV Shows and Movies
2013-05-07 19:20 - 2012-09-01 18:40 - 00000000 ____D C:\Users\admin\AppData\Roaming\Skype
2013-05-07 07:28 - 2013-05-07 07:28 - 00000000 ____A C:\END
2013-05-06 22:28 - 2012-12-09 21:34 - 00000000 ____D C:\Songs
2013-05-05 13:50 - 2012-07-31 16:28 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-800104502-1271211563-1046598675-1000Core.job
2013-05-04 22:10 - 2013-01-02 17:05 - 00000000 ____D C:\Users\admin\AppData\Local\Facebook
2013-05-02 08:29 - 2012-06-23 19:56 - 00278800 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2013-04-30 22:29 - 2010-03-23 23:12 - 00000000 ____D C:\Saved As Picture
2013-04-30 19:29 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
2013-04-30 07:13 - 2012-06-23 20:03 - 00000000 ____D C:\Windows\Panther
2013-04-30 07:12 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-04-29 23:12 - 2013-04-29 23:09 - 00006895 ____A C:\Windows\IE10_main.log
2013-04-29 23:11 - 2013-04-29 23:11 - 14323200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-04-29 23:11 - 2013-04-29 23:11 - 13761024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-04-29 23:11 - 2013-04-29 23:11 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-04-29 23:11 - 2013-04-29 23:11 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-04-29 23:11 - 2013-04-29 23:11 - 02046464 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-04-29 23:11 - 2013-04-29 23:11 - 01766912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-04-29 23:11 - 2013-04-29 23:11 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-04-29 23:11 - 2013-04-29 23:11 - 01129984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-04-29 23:11 - 2013-04-29 23:11 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-04-29 23:11 - 2013-04-29 23:11 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-04-29 23:11 - 2013-04-29 23:11 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-04-29 23:11 - 2013-04-29 23:11 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-04-29 23:11 - 2013-04-29 23:11 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-04-29 23:11 - 2013-04-29 23:11 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-04-29 23:11 - 2013-04-29 23:11 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-04-29 23:11 - 2013-04-29 23:11 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-04-29 23:11 - 2013-04-29 23:11 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-04-29 23:11 - 2013-04-29 23:11 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-04-29 23:11 - 2013-04-29 23:11 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-04-29 23:11 - 2013-04-29 23:11 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-04-29 23:11 - 2013-04-29 23:11 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-04-29 23:11 - 2013-04-29 23:11 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-04-29 23:11 - 2013-04-29 23:11 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-04-29 23:11 - 2013-04-29 23:11 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-04-29 23:11 - 2013-04-29 23:11 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-04-29 23:11 - 2013-04-29 23:11 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-04-29 23:11 - 2013-04-29 23:11 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-04-29 23:11 - 2013-04-29 23:11 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-04-29 23:11 - 2013-04-29 23:11 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-04-29 23:11 - 2013-04-29 23:11 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-04-29 23:11 - 2013-04-29 23:11 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-04-29 23:11 - 2013-04-29 23:11 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-04-29 23:11 - 2013-04-29 23:11 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-04-29 23:11 - 2013-04-29 23:11 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-04-29 23:11 - 2013-04-29 23:11 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-04-29 23:11 - 2013-04-29 23:11 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-04-29 23:11 - 2013-04-29 23:11 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-04-29 23:11 - 2013-04-29 23:11 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-04-29 23:11 - 2013-04-29 23:11 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-04-29 23:11 - 2013-04-29 23:11 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-04-29 23:11 - 2013-04-29 23:11 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-04-29 23:11 - 2013-04-29 23:11 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-04-29 23:11 - 2013-04-29 23:11 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-04-29 23:11 - 2013-04-29 23:11 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-04-29 23:10 - 2013-04-29 23:10 - 19230208 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-04-29 23:10 - 2013-04-29 23:10 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-04-29 23:10 - 2013-04-29 23:10 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-04-29 23:10 - 2013-04-29 23:10 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-04-29 23:10 - 2013-04-29 23:10 - 02647040 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-04-29 23:10 - 2013-04-29 23:10 - 02240512 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-04-29 23:10 - 2013-04-29 23:10 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-04-29 23:10 - 2013-04-29 23:10 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-04-29 23:10 - 2013-04-29 23:10 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-04-29 23:10 - 2013-04-29 23:10 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-04-29 23:10 - 2013-04-29 23:10 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-04-29 23:10 - 2013-04-29 23:10 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-04-29 23:10 - 2013-04-29 23:10 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-04-29 23:10 - 2013-04-29 23:10 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-04-29 23:10 - 2013-04-29 23:10 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-04-29 23:10 - 2013-04-29 23:10 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-04-29 23:10 - 2013-04-29 23:10 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-04-29 23:10 - 2013-04-29 23:10 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-04-29 23:10 - 2013-04-29 23:10 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-04-29 23:10 - 2013-04-29 23:10 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-04-29 23:10 - 2013-04-29 23:10 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-04-29 23:10 - 2013-04-29 23:10 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-04-29 23:10 - 2013-04-29 23:10 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-04-29 23:10 - 2013-04-29 23:10 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-04-29 23:10 - 2013-04-29 23:10 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-04-29 23:10 - 2013-04-29 23:10 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-04-29 23:10 - 2013-04-29 23:10 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-04-29 23:10 - 2013-04-29 23:10 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-04-29 23:10 - 2013-04-29 23:10 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-04-29 23:10 - 2013-04-29 23:10 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-04-29 23:10 - 2013-04-29 23:10 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-04-29 23:10 - 2013-04-29 23:10 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-04-29 23:10 - 2013-04-29 23:10 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-04-29 23:10 - 2013-04-29 23:10 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-04-29 23:10 - 2013-04-29 23:10 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-04-29 23:10 - 2013-04-29 23:10 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-04-29 23:10 - 2013-04-29 23:10 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-04-29 23:10 - 2013-04-29 23:10 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-04-29 23:10 - 2013-04-29 23:10 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-04-29 23:10 - 2013-04-29 23:10 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-04-29 23:10 - 2013-04-29 23:10 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-04-29 23:10 - 2013-04-29 23:10 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-04-29 23:10 - 2013-04-29 23:10 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-04-29 23:10 - 2013-04-29 23:10 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-04-29 23:10 - 2013-04-29 23:10 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-04-29 23:10 - 2013-04-29 23:10 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-04-29 23:10 - 2013-04-29 23:10 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-04-29 23:10 - 2013-04-29 23:10 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-04-29 23:10 - 2013-04-29 23:10 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-04-29 23:10 - 2013-04-29 23:10 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-04-29 23:10 - 2013-04-29 23:10 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-04-29 23:10 - 2013-04-29 23:10 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-04-26 14:04 - 2013-04-26 14:04 - 00003915 ____A C:\Windows\SysWOW64\jupdate-1.7.0_21-b11.log
2013-04-26 14:04 - 2012-07-31 19:22 - 00000000 ____D C:\Program Files (x86)\Java
2013-04-25 13:58 - 2012-09-06 16:21 - 00000000 ____D C:\ProgramData\Sendori
2013-04-25 13:58 - 2012-09-06 16:21 - 00000000 ____D C:\Program Files (x86)\Sendori
2013-04-23 21:50 - 2012-11-09 19:50 - 00000000 ____D C:\Paint
2013-04-23 15:13 - 2012-09-06 16:21 - 00325920 ____A (Sendori) C:\Windows\SysWOW64\Sendori.dll
2013-04-22 22:53 - 2013-02-02 13:56 - 00000000 ____D C:\Users\admin\AppData\Local\Paint.NET
2013-04-19 22:26 - 2013-04-19 22:26 - 00001066 ____A C:\Users\Public\Desktop\VLC media player.lnk
2013-04-19 21:06 - 2013-01-27 00:57 - 00000000 ____D C:\Program Files (x86)\BitTorrent
2013-04-19 16:42 - 2013-02-10 14:25 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-04-19 16:42 - 2012-09-01 18:40 - 00000000 ____D C:\ProgramData\Skype
2013-04-14 13:20 - 2013-04-14 13:20 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\admin\Downloads\123.com.exe
2013-04-12 18:51 - 2012-10-03 14:41 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-04-12 18:51 - 2012-10-03 14:41 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-04-12 12:49 - 2013-04-10 19:59 - 00000000 ____D C:\Users\admin\Documents\GTA San Andreas User Files
2013-04-12 11:40 - 2012-10-28 17:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-04-12 07:45 - 2013-04-24 08:27 - 01656680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2013-04-11 21:51 - 2012-07-31 16:31 - 00002367 ____A C:\Users\admin\Desktop\Google Chrome.lnk
2013-04-11 12:24 - 2013-04-11 12:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-04-11 11:37 - 2009-07-13 21:45 - 00457760 ____A C:\Windows\System32\FNTCACHE.DAT
2013-04-11 01:06 - 2012-06-23 21:52 - 72702784 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-04-11 01:06 - 2012-06-23 20:29 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-04-10 21:33 - 2013-04-10 21:26 - 00000000 ____D C:\Users\admin\Documents\GTA Vice City User Files
2013-04-10 21:23 - 2013-04-08 22:46 - 00000967 ____A C:\Windows\DirectX.log
2013-04-10 21:21 - 2012-06-23 20:14 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-04-10 21:14 - 2013-04-08 16:11 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
2013-04-10 20:11 - 2012-09-06 15:14 - 00000000 ____D C:\Games
2013-04-09 10:31 - 2013-04-09 10:31 - 00000000 ____D C:\Users\admin\Documents\Electronic Arts
2013-04-08 23:55 - 2012-09-03 01:33 - 00000000 ____D C:\Remember
2013-04-08 22:40 - 2013-04-08 22:40 - 00098304 ____A (Sony DADC Austria AG.) C:\Windows\SysWOW64\CmdLineExt.dll
2013-04-08 22:32 - 2013-04-08 22:32 - 00283200 ____A (DT Soft Ltd) C:\Windows\System32\Drivers\dtsoftbus01.sys
2013-04-08 22:32 - 2013-04-08 22:19 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Lite
2013-04-08 22:22 - 2013-01-27 15:31 - 00007644 ____A C:\Windows\PFRO.log
2013-04-08 22:21 - 2013-04-08 22:21 - 00001950 ____A C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2013-04-08 22:21 - 2013-04-08 22:21 - 00000000 ____D C:\Program Files (x86)\File Type Helper
2013-04-08 22:21 - 2013-04-08 22:21 - 00000000 ____D C:\Program Files (x86)\Fast Free Converter
2013-04-08 14:27 - 2013-04-08 14:20 - 00000000 ____D C:\Users\admin\AppData\Roaming\.minecraft
2013-04-08 14:20 - 2013-04-08 14:20 - 00002127 ____A C:\Users\admin\Desktop\Minecraft.lnk

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


Last Boot: 2013-05-04 22:13

==================== End Of Log ============================

 

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Professional x64
Ran by admin on Wed 05/08/2013 at 16:04:29.93
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Chrome

Failed to delete: [Folder] C:\Users\admin\appdata\local\Google\Chrome\User Data\Default\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 05/08/2013 at 16:05:19.94
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

 

 

# AdwCleaner v2.300 - Logfile created 05/08/2013 at 15:41:56
# Updated 28/04/2013 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : admin - LENOVOHD320
# Boot Mode : Normal
# Running from : C:\Users\admin\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\3avcja2j.default\foxydeal.sqlite

***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16537

[OK] Registry is clean.

-\\ Mozilla Firefox v20.0.1 (en-US)

File : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\3avcja2j.default\prefs.js

Deleted : user_pref("CT3225826_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]

-\\ Google Chrome v26.0.1410.64

File : C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [2155 octets] - [08/05/2013 15:41:56]

########## EOF - C:\AdwCleaner[S1].txt - [2215 octets] ##########
 



#4 Robybel


Posted 08 May 2013 - 11:43 PM

Hi Improv ;)

 

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.

  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

  • If an update is found, it will download and install the latest version.

  • Once the program has loaded, select Perform quick scan, then click Scan.


  • When the scan is complete, click OK, then Show Results to view the results.

  • Be sure that everything is checked, and click Remove Selected.

  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.

  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.

Next

 

ESET Online Scanner

I'd like us to scan your machine with ESET OnlineScan

Note: If you are using Windows Vista/7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

*Note

It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.

Please don't go surfing while your resident protection is disabled!

Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan

  • Click the esetOnline.png button.

  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.

    • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.

  • Check esetAcceptTerms.png

  • Click the esetStart.png button.

  • Accept any security warnings from your browser.

  • Check esetScanArchives.png

  • Make sure that the option "Remove found threats" is Unchecked

  • Push the Start button.

  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.

  • When the scan completes, push esetListThreats.png

  • Push esetExport.png, and save the file to your desktop using a unique name, such as MyEsetScan. Alternatively, look for report in C:\Program Files\ESET\ESET Online Scanner\log.txt. Include the contents of this report in your next reply.

  • Push the Back button.

  • Select Uninstall application on close check box and push esetFinish.png

 


- Proud Graduate of WTT Classroom -

Member of ASAP and UNITE


Please Only Copy And Paste Reports Into Topic - Do Not Attach

If you are satisfied with the help that you have received, please consider a donation.

 

 


#5 Improv


Posted 09 May 2013 - 10:12 PM

ESET did not find any viruses.

 

 

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.05.08.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16540
admin :: LENOVOHD320 [administrator]

5/9/2013 6:12:03 PM
mbam-log-2013-05-09 (18-12-03).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 218437
Time elapsed: 5 minute(s), 28 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 



#6 Robybel


Posted 09 May 2013 - 11:04 PM

Hi improv ;)

 

Very good

 

Please run the following:

Please download Malwarebytes Anti-Rootkit and save it to your desktop.

  • Be sure to print out and follow the instructions provided on that same page for performing a scan.

  • Caution: This is a beta version so also read the disclaimer and back up all your data before using.

  • When the scan completes, click on the Cleanup button to remove any threats found and reboot the computer if prompted to do so.

  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.

  • If there are problems with Internet access, Windows Update, Windows Firewall or other system issues, run the fixdamage tool located in the folder Malwarebytes Anti-Rootkit was run from and reboot your computer.

  • Two files (mbar-log-YYYY-MM-DD, system-log.txt) will be created and saved within that same folder.

  • Copy and paste the contents of these two log files in your next reply.
Note: Further documentation can be found in the ReadMe.rtf file which is located in the Malwarebytes Anti-Rootkit folder.

 

Please let me know how your machine is running and if there are any outstanding issues



 

 


#7 Improv


Posted 14 May 2013 - 12:06 AM

Scan was complete. No viruses were found. Don't see any logs anywhere.



#8 Robybel


Posted 17 May 2013 - 09:11 AM

Hi Improv ;)

 

Do you still have a problem?



 

 


#9 Improv


Posted 20 May 2013 - 08:07 PM

Nope, I think I'm good, thank you.



#10 Robybel


Posted 21 May 2013 - 01:49 PM

:thumbup2:



 

 




