slow computer/videos


30 replies to this topic

#1 leejones

  • Members
  • 24 posts

Posted 23 May 2013 - 12:31 AM

To start, I'm a computer novice.

I can use my computer but really want this out.

About 2 years ago I downloaded Avast; I used the boot time scan option (not a great idea).

A week after that I had it fixed by a tech.

It looks like they only got the really bad part of whatever this is.

So after I took it home it was still messed up (they also put in a new hard drive).

So after that I just thought this computer is 9 years old so ..... just buy a new one, I did.

3 computers and on all 3 it had the same thing:

- slow typing at times
- jumpy scrolling/web pages (really hurts your eyes while reading)
- video plays even after you press pause
- video loads up very slow like on YouTube and others
- video plays but not smooth like it should (if that makes sense)
- if I want to watch a video smoothly I have to download it to my hard drive

(it affects the hard drive also but not as much)

---------------------------------------------------------------------------

I have run rkill and it said nothing is found.

Malwarebytes - found stuff but did not get whatever this is.

Same thing with Webroot, Trend, McAfee, System Mechanic.

Kaspersky trial version found nothing.

Comodo found nothing.

UnHackMe found stuff but no malware.

-------------------------------

I just ran HijackThis, here's the log ....... (the links were part of the log)

-------------------------------

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:21:10 PM, on 5/22/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.21335)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
C:\PROGRA~1\McAfee\MSC\McAPExe.exe
C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\DFX\DFX.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Seagate\Seagate Dashboard 2.0\DBAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\DFX\Universal\Apps\DfxSharedApp32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s%s
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSnc.20130517211846.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [IgfxTray] "C:\WINDOWS\System32\igfxtray.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HotKeysCmds] "C:\WINDOWS\System32\hkcmd.exe"
O4 - HKLM\..\Run: [DFX] C:\Program Files\DFX\DFX.exe -startup
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [DBAgent] "C:\Program Files\Seagate\Seagate Dashboard 2.0\DBAgent.exe" /WinStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uploader] C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1307749861651
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1309612455447
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~1\mcafee\msc\mcsniepl.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: McAfee Home Network (HomeNetSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Activation Service (McAWFwk) - McAfee, Inc. - c:\PROGRA~1\mcafee\msc\mcawfwk.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - Unknown owner - C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe (file missing)
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Platform Services (mcpltsvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee Anti-Malware Core (mfecore) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: OBCMJ - Unknown owner - C:\DOCUME~1\Suzy\LOCALS~1\Temp\OBCMJ.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Seagate Dashboard Services - Seagate Technology LLC - C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe

--
End of file - 8644 bytes

------------------------------------------------

Did a hard reset on my router (but not the 30-30-30 method); it did not fix it.

I think it's a hacker (not 100% sure) or maybe a network virus.

That explains why even new computers are like this.

And also found this:

Host:
IP:
Hostname: xx-fbcdn-ecmp-01-atl1.fbcdn.net
ISP: Facebook Ireland Ltd

Also found it from U.S. but this one looked even more strange.

---------------------------------------------------------

Edited by leejones, 23 May 2013 - 12:37 AM.
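The O23 (service) lines are where a log reviewer looks first for a service whose binary is missing, has no recorded publisher, or lives somewhere odd, as with the OBCMJ entry above pointing into a Temp folder. As an added example, not part of this thread or of HijackThis itself, here is a small Python triage script that parses O23 lines and flags those three traits; the sample lines are constructed in the shape of the posted log.

```python
"""Triage the O23 (service) lines of a HijackThis log.

Added example, not part of the thread or of HijackThis. The sample lines
below are constructed in the shape of the log posted above.
"""
import re
from dataclasses import dataclass

# O23 - Service: <display name> (<short name>) - <owner> - <path> [(file missing)]
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+?)"
    r"(?P<missing> \(file missing\))?$"
)

# A service binary sitting in a profile or temp directory is unusual for
# installed software and is the first thing a log reviewer will ask about.
SUSPICIOUS_DIRS = ("\\temp\\", "\\docume~1\\", "\\documents and settings\\")

# Constructed sample: rewrapped O23 lines plus one non-O23 line that must be ignored.
SAMPLE_LOG = """\
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\\Program Files\\McAfee\\VirusScan\\mcods.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - Unknown owner - C:\\Program Files\\McAfee Security Scan\\3.0.318\\McCHSvc.exe (file missing)
O23 - Service: OBCMJ - Unknown owner - C:\\DOCUME~1\\Suzy\\LOCALS~1\\Temp\\OBCMJ.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\\Program Files\\WinPcap\\rpcapd.exe
O4 - HKLM\\..\\Run: [DFX] C:\\Program Files\\DFX\\DFX.exe -startup
"""


@dataclass
class ServiceEntry:
    name: str
    owner: str
    path: str
    missing: bool


def parse_o23(line: str):
    """Return a ServiceEntry for an O23 line, or None for any other line."""
    m = O23_RE.match(line.strip())
    if m is None:
        return None
    return ServiceEntry(m["name"], m["owner"], m["path"], m["missing"] is not None)


def assess(entry: ServiceEntry) -> list:
    """List the traits that make a service entry worth a second look."""
    reasons = []
    if entry.owner == "Unknown owner":
        reasons.append("no publisher recorded for the binary")
    if entry.missing:
        reasons.append("service still registered but its binary is gone")
    if any(d in entry.path.lower() for d in SUSPICIOUS_DIRS):
        reasons.append("binary path is inside a user profile or temp directory")
    return reasons


def triage(log_text: str) -> list:
    """Return (entry, reasons) pairs for every O23 line that raised a flag."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_o23(line)
        if entry is None:
            continue
        reasons = assess(entry)
        if reasons:
            findings.append((entry, reasons))
    return findings


if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG):
        print(f"{entry.name}\n  path: {entry.path}")
        for r in reasons:
            print(f"  - {r}")
```

Run against the sample, only the two "Unknown owner" entries are reported, and OBCMJ collects all three flags while the legitimately registered services (McODS, rpcapd) pass silently.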



#2 nasdaq

  • Malware Response Team
  • 38,747 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 26 May 2013 - 08:56 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete tab follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).
===

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

Download DDS by sUBs from one of the following links, if you no longer have it available. Save it to your desktop.

1: DDS.scr (Not recommended if you use Chrome to download this .scr file. Use the other options.)
2: DDS.pif
3: DDS.COM

Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Please note: You may have to disable any script protection running if the scan fails to run.

dds_scr.gif

Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.
===

Third-party programs, if not up to date, can be the cause of infiltration and infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please paste the logs in your next reply, DO NOT ATTACH THEM
Let me know what problem persists.

#3 leejones
  • Topic Starter

  • Members
  • 24 posts

Posted 27 May 2013 - 10:00 PM

I tried to run DDS on all three of the links and it stalls/freezes up

and the only way to stop it is to force shutdown.

---------------

-I was the one that disabled the firewall-

Here is the AdwCleaner log:

------

# AdwCleaner v2.301 - Logfile created 05/27/2013 at 20:09:50
# Updated 16/05/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Suzy - JONES-PC
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Suzy\My Documents\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\clsoft ltd
Folder Deleted : C:\Documents and Settings\Suzy\Application Data\Mozilla\Firefox\Profiles\nm2hleex.default\jetpack
Folder Deleted : C:\Documents and Settings\Suzy\Local Settings\Application Data\PackageAware

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Key Deleted : HKCU\Software\YahooPartnerToolbar

***** [Internet Browsers] *****

-\\ Internet Explorer v7.0.6000.21335

[OK] Registry is clean.

-\\ Mozilla Firefox v21.0 (en-US)

File : C:\Documents and Settings\Suzy\Application Data\Mozilla\Firefox\Profiles\nm2hleex.default\prefs.js

[OK] File is clean.

File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\jauxmvgk.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v27.0.1453.94

File : C:\Documents and Settings\Suzy\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [1608 octets] - [27/05/2013 20:09:50]

########## EOF - C:\AdwCleaner[S1].txt - [1668 octets] ##########

-----------------------

Here is the checkup log:

----------

Results of screen317's Security Check version 0.99.64  
 Windows XP Service Pack 3 x86   
 Internet Explorer 7 Out of date!
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Disabled!  
 McAfee AntiVirus Plus    
 McAfee Security Scan Plus   
 McAfee Virtual Technician    
`````````Anti-malware/Other Utilities Check:`````````
 CCleaner     
 Java 7 Update 21  
 Adobe Flash Player     11.7.700.202  
 Adobe Reader XI  
 Mozilla Firefox (21.0)
 Google Chrome 26.0.1410.64  
 Google Chrome 27.0.1453.94  
 Google Chrome dsound.dll..  
 Google Chrome winmm.dll..  
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 6%
````````````````````End of Log``````````````````````

------------------

McAfee detected a trojan

but it was SecurityCheck.exe.

Edited by leejones, 27 May 2013 - 10:09 PM.


#4 nasdaq

  • Malware Response Team
  • 38,747 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 28 May 2013 - 07:01 AM

--RogueKiller--
  • Download & SAVE to your Desktop RogueKiller for 32bit or RogueKiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then click on the "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+
===

After running this tool:

Please download ComboFix from one of these locations:
Link 1
Link 2
IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.
  • **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
RcAuto1.gif
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
whatnext.png
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall.

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program, all you need to do is restart the computer to reset the registry.
===

Please let me know what problem persists with this computer.


#5 leejones
  • Topic Starter

  • Members
  • 24 posts

Posted 28 May 2013 - 08:38 PM

I tried to run ComboFix; everything worked until the blue screen came up.

I waited for 8 hours for it to work itself out, it was still stalled, then later tried it again.

Same thing happened.

It did install the Windows Recovery Console.

And I did not mouse click anything.

Also I disabled McAfee.

--------------

Here is the RogueKiller log:

--------

(sorry for the links .... not sure if I should have edited the log in any way)

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Suzy [Admin rights]
Mode : Scan -- Date : 05/28/2013 08:37:52
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 9 ¤¤¤
[TASK][SUSP PATH] Suzy.job : C:\Program Files\Seagate\Seagate Dashboard 2.0\NBCore.exe "C:\Documents and Settings\Suzy\Application Data\Seagate\Seagate Dashboard 2.0\Files\Suzy.nji" [-] -> FOUND
[TASK][SUSP PATH] Suzy Merge.job : C:\Program Files\Seagate\Seagate Dashboard 2.0\NBCore.exe "C:\Documents and Settings\Suzy\Application Data\Seagate\Seagate Dashboard 2.0\Files\Suzy Merge.nji" [-] -> FOUND
[STARTUP][SUSP PATH] Uninstall Webroot RunOnce.lnk @Administrator : C:\Documents and Settings\Administrator\Application Data\wruninstall.exe [7] -> FOUND
[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> FOUND
[HJ] HKLM\[...]\Security Center : FirewallDisableNotify (1) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1       localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD2500BEVE-00A0HT0 +++++
--- User ---
[MBR] ec033d2995577579a046f93c52b34d7f
[BSP] 28fd0b7bd2cda7421b2374ad405293c9 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 238464 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_05282013_02d0837.txt >>
RKreport[1]_S_05282013_02d0837.txt

--------------

Still having the same problems.

Edited by leejones, 28 May 2013 - 08:46 PM.


#6 nasdaq

  • Malware Response Team
  • 38,747 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 29 May 2013 - 08:34 AM

Please run the RogueKiller again and select the Delete function.

Post the log.

Try to run the DDS and ComboFix tools again. Post the logs if you can.

#7 leejones
  • Topic Starter

  • Members
  • 24 posts

Posted 29 May 2013 - 10:05 PM

Here is the RogueKiller log:

--------

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Suzy [Admin rights]
Mode : Scan -- Date : 05/29/2013 09:12:57
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 1 ¤¤¤
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1       localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD2500BEVE-00A0HT0 +++++
--- User ---
[MBR] ec033d2995577579a046f93c52b34d7f
[BSP] 28fd0b7bd2cda7421b2374ad405293c9 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 238464 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_05292013_02d0912.txt >>
RKreport[1]_S_05292013_02d0912.txt

----------------------------

I tried to run DDS and it stalled again; ran it from 9am-11:11am.

ComboFix stalled also; ran it from 11:50am-6pm.

I ran it in this order:

RogueKiller
----
DDS
-----
ComboFix

---------------------------

I searched online to see why it stalls

and I found that running them in safe mode

may help.

If you agree that it would help I will do that.

#8 nasdaq

  • Malware Response Team
  • 38,747 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 30 May 2013 - 07:48 AM

Let's try this first. This tool should work in normal mode.

Download OTL to your desktop.
Double click on the icon to run it.
Make sure all other windows are closed and to let it run uninterrupted.

OTL_Main_Tutorial.gif
  • Select All Users.
  • Under the Custom Scan box, paste this text in bold:
netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
winsock.*
/md5stop
CREATERESTOREPOINT


Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Post both logs DO NOT ATTACH THEM.

#9 leejones
  • Topic Starter

  • Members
  • 24 posts

Posted 30 May 2013 - 10:09 AM

I did not follow the pic,

just what you told me to do.

If I need to redo the scan I can.

----

Here is the OTL.txt:

----------

OTL logfile created on: 5/30/2013 9:43:07 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Suzy\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
990.42 Mb Total Physical Memory | 712.81 Mb Available Physical Memory | 71.97% Memory free
1.21 Gb Paging File | 0.92 Gb Available in Paging File | 75.87% Paging File free
Paging file location(s): C:\pagefile.sys 336 672 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 100.43 Gb Free Space | 43.13% Space Free | Partition Type: NTFS
 
Computer Name: JONES-PC | User Name: Suzy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/05/30 09:34:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Suzy\Desktop\OTL.exe
PRC - [2013/04/04 05:32:53 | 000,181,664 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/03/07 17:14:36 | 000,122,984 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
PRC - [2013/03/07 17:10:50 | 000,016,000 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
PRC - [2013/03/07 17:10:38 | 001,517,640 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\Seagate Dashboard 2.0\DBAgent.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003/11/20 16:19:14 | 000,098,304 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] -- C:\DOCUME~1\Suzy\LOCALS~1\Temp\OBCMJ.exe -- (OBCMJ)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - File not found [On_Demand | Stopped] -- c:\PROGRA~1\mcafee\msc\mcawfwk.exe -- (McAWFwk)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013/05/23 13:18:51 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/14 17:00:23 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/04/04 05:32:53 | 000,181,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/03/07 17:10:50 | 000,016,000 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe -- (Seagate Dashboard Services)
SRV - [2011/06/26 01:45:56 | 000,256,000 | R--- | M] () [Auto | Stopped] -- C:\ComboFix\pev.3XE -- (PEVSystemStart)
SRV - [2009/10/20 13:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | Boot | Unknown] -- system32\drivers\Partizan.sys -- (Partizan)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\f76BA7C.sys -- (f76BA7C)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\b64BA81.sys -- (b64BA81)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\a2aBA7D.sys -- (a2aBA7D)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\9deBA7B.sys -- (9deBA7B)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\740BA78.sys -- (740BA78)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\6a0BA7F.sys -- (6a0BA7F)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\67dBA79.sys -- (67dBA79)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\54dBA77.sys -- (54dBA77)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\404BA80.sys -- (404BA80)
DRV - [2012/05/28 10:28:04 | 000,147,472 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HipShieldK.sys -- (HipShieldK)
DRV - [2009/10/20 13:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2006/04/01 00:30:20 | 000,369,024 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2004/08/04 00:31:32 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139)
DRV - [2003/10/14 19:08:22 | 000,197,120 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2003/10/14 19:05:48 | 000,679,808 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/10/14 19:04:16 | 001,043,072 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-682003330-507921405-854245398-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-682003330-507921405-854245398-1004\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-682003330-507921405-854245398-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-682003330-507921405-854245398-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-682003330-507921405-854245398-1004\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?fr=mcafee&p={searchTerms}
IE - HKU\S-1-5-21-682003330-507921405-854245398-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "http://www.bing.com/"
FF - prefs.js..extensions.enabledAddons: artur.dubovoy%40gmail.com:3.8.7
FF - prefs.js..extensions.enabledAddons: %7B11b496ea-481a-11dc-8314-0800200c9a66%7D:1.3.2
FF - prefs.js..extensions.enabledAddons: stefanvandamme%40stefanvd.net:2.2.0.2
FF - prefs.js..extensions.enabledAddons: %7B5F590AA2-1221-4113-A6F4-A4BB62414FAC%7D:0.45.8.20130519.3
FF - prefs.js..extensions.enabledAddons: %7B1A2D0EC4-75F5-4c91-89C4-3656F6E44B68%7D:0.6.3
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll File not found
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL File not found
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files\McAfee\Supportability\MVT\npmvtplugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Suzy\Application Data\Move Networks\plugins\071803000001\npqmp071803000001.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Suzy\Application Data\Move Networks\plugins\071803000001\npqmp071803000001.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Suzy\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3DF533F5-FB3C-4c4c-A1D7-99717F8C3038}: C:\Program Files\Webroot\Security\current\plugins\browserextension\ff_ptc\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2013/01/14 06:49:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Suzy\Application Data\Mozilla\Extensions
[2013/05/28 01:50:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Suzy\Application Data\Mozilla\Firefox\Profiles\nm2hleex.default\extensions
[2013/04/02 16:41:15 | 000,000,000 | ---D | M] (Shooter) -- C:\Documents and Settings\Suzy\Application Data\Mozilla\Firefox\Profiles\nm2hleex.default\extensions\{11b496ea-481a-11dc-8314-0800200c9a66}
[2013/04/29 16:37:37 | 000,000,000 | ---D | M] (Keynote Connector Extension) -- C:\Documents and Settings\Suzy\Application Data\Mozilla\Firefox\Profiles\nm2hleex.default\extensions\firefoxextensions@keynote.com
[2013/05/07 16:08:00 | 000,000,000 | ---D | M] (UserZoom Survey Tool) -- C:\Documents and Settings\Suzy\Application Data\Mozilla\Firefox\Profiles\nm2hleex.default\extensions\userzoom_survey_tool@jetpack
[2013/04/29 16:37:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Suzy\Application Data\Mozilla\Firefox\Profiles\nm2hleex.default\extensions\firefoxextensions@keynote.com\chrome
[2013/04/29 16:37:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Suzy\Application Data\Mozilla\Firefox\Profiles\nm2hleex.default\extensions\firefoxextensions@keynote.com\components
[2013/04/29 16:37:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Suzy\Application Data\Mozilla\Firefox\Profiles\nm2hleex.default\extensions\firefoxextensions@keynote.com\META-INF
[2013/03/08 23:33:22 | 000,275,665 | ---- | M] () (No name found) -- C:\Documents and Settings\Suzy\Application Data\Mozilla\Firefox\Profiles\nm2hleex.default\extensions\artur.dubovoy@gmail.com.xpi
[2013/04/30 14:33:17 | 000,069,246 | ---- | M] () (No name found) -- C:\Documents and Settings\Suzy\Application Data\Mozilla\Firefox\Profiles\nm2hleex.default\extensions\jid0-8BcAEG0VWp64q8wcJaRBq7N33PM@jetpack.xpi
[2013/05/01 10:57:23 | 000,651,215 | ---- | M] () (No name found) -- C:\Documents and Settings\Suzy\Application Data\Mozilla\Firefox\Profiles\nm2hleex.default\extensions\stefanvandamme@stefanvd.net.xpi
[2013/05/28 01:50:16 | 000,096,207 | ---- | M] () (No name found) -- C:\Documents and Settings\Suzy\Application Data\Mozilla\Firefox\Profiles\nm2hleex.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}.xpi
[2013/05/25 19:55:32 | 000,043,024 | ---- | M] () (No name found) -- C:\Documents and Settings\Suzy\Application Data\Mozilla\Firefox\Profiles\nm2hleex.default\extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}.xpi
[2013/05/08 16:38:52 | 000,870,680 | ---- | M] () (No name found) -- C:\Documents and Settings\Suzy\Application Data\Mozilla\Firefox\Profiles\nm2hleex.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/05/23 13:18:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/05/23 13:18:55 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: Bing (Enabled)
CHR - default_search_provider: search_url = http://www.bing.com/search?setmkt=en-US&q={searchTerms}
CHR - default_search_provider: suggest_url = http://api.bing.com/osjson.aspx?query={searchTerms}&language={language}
CHR - homepage: http://www.bing.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Suzy\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.5.31.139\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Documents and Settings\Suzy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.60.126.1_0\McChPlg.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Move Media Player 7 (Enabled) = C:\Documents and Settings\Suzy\Application Data\Move Networks\plugins\071803000001\npqmp071803000001.dll
CHR - plugin: Unity Player (Enabled) = C:\Documents and Settings\Suzy\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 6 U39 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: McAfee Security Scanner + (Enabled) = C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: McAfee Virtual Technician (Enabled) = C:\Program Files\McAfee\Supportability\MVT\npmvtplugin.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll
CHR - plugin: Java Deployment Toolkit 6.0.390.4 (Enabled) = C:\WINDOWS\system32\npdeployJava1.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Google Docs = C:\Documents and Settings\Suzy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Documents and Settings\Suzy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\Suzy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Documents and Settings\Suzy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: SiteAdvisor = C:\Documents and Settings\Suzy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.60.126.1_0\
CHR - Extension: Gmail = C:\Documents and Settings\Suzy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2012/10/24 09:42:00 | 000,000,792 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [DBAgent] C:\Program Files\Seagate\Seagate Dashboard 2.0\DBAgent.exe (Seagate Technology LLC)
O4 - HKLM..\Run: [DFX] C:\Program Files\DFX\DFX.exe ()
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t File not found
O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t File not found
O4 - HKU\S-1-5-21-682003330-507921405-854245398-1004..\Run: [Uploader] C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe (Seagate Technology LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-682003330-507921405-854245398-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-682003330-507921405-854245398-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1307749861651 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1309612455447 (MUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D05DEB20-C63E-4120-8211-1F87E82C444C}: DhcpNameServer = 10.0.1.1
O18 - Protocol\Handler\dssrequest - No CLSID value found
O18 - Protocol\Handler\sacore - No CLSID value found
O18 - Protocol\Filter\application/x-mfe-ipt - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/06/06 23:13:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{2a457572-93c1-11e0-8b42-00032518dcce}\Shell\AutoRun\command - "" = E:\Info.exe folder.htt 480 480
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: 6to4 -  File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/05/30 09:34:47 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Suzy\Desktop\OTL.exe
[2013/05/29 21:32:24 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/05/29 11:43:45 | 000,000,000 | --SD | C] -- C:\ComboFix
[2013/05/29 11:27:08 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2013/05/28 09:01:44 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013/05/28 08:58:24 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/05/28 08:58:24 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/05/28 08:58:24 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/05/28 08:58:24 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/05/28 08:58:06 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/05/28 08:57:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/05/28 08:36:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Suzy\Desktop\RK_Quarantine
[2013/05/28 02:23:57 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\Suzy\Desktop\dds.com
[2013/05/23 13:18:26 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/05/22 22:23:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Suzy\Desktop\Logs
[2013/05/22 22:19:12 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2013/05/22 22:19:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Suzy\Start Menu\Programs\HiJackThis
[2013/05/22 04:29:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Suzy\Application Data\Comodo
[2013/05/21 23:59:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\COMODO
[2013/05/21 23:58:32 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\gdiplus.dll
[2013/05/21 23:52:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\COMODO
[2013/05/19 16:55:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Suzy\Application Data\Nero
[2013/05/19 16:52:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Seagate Dashboard 2.0
[2013/05/19 16:52:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nero
[2013/05/19 16:50:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nero
[2013/05/19 16:50:00 | 000,000,000 | ---D | C] -- C:\Program Files\Seagate
[2013/05/19 16:26:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2013/05/19 16:26:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Suzy\Application Data\Seagate
[2013/05/19 16:21:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\assembly
[2013/05/19 16:17:41 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2013/05/19 16:17:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2013/05/19 16:05:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Suzy\Application Data\Leadertech
[2013/05/17 16:14:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RegRun
[2013/05/17 16:13:23 | 000,000,000 | ---D | C] -- C:\Program Files\UnHackMe
[2013/05/06 02:17:03 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Suzy\Start Menu\Programs\Administrative Tools
[2013/05/05 22:45:39 | 000,000,000 | ---D | C] -- C:\Program Files\iolo
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/05/30 09:34:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Suzy\Desktop\OTL.exe
[2013/05/30 08:59:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/05/30 08:55:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/30 02:55:00 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/29 18:07:05 | 000,405,580 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/05/29 18:07:05 | 000,054,758 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/05/29 18:05:15 | 000,000,338 | ---- | M] () -- C:\Documents and Settings\Suzy\Desktop\My Documents.lnk
[2013/05/29 18:02:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/05/29 11:42:28 | 000,000,657 | ---- | M] () -- C:\Documents and Settings\Suzy\Desktop\Shortcut to ComboFix.exe.lnk
[2013/05/29 11:27:09 | 000,002,855 | ---- | M] () -- C:\Documents and Settings\Suzy\Desktop\dds.com.pif
[2013/05/29 11:27:07 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Suzy\Desktop\Adobe Reader XI.lnk
[2013/05/28 09:01:48 | 000,000,328 | RHS- | M] () -- C:\boot.ini
[2013/05/28 07:24:31 | 000,816,128 | ---- | M] () -- C:\Documents and Settings\Suzy\Desktop\RogueKiller.exe
[2013/05/28 07:23:32 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/05/28 02:24:00 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents and Settings\Suzy\Desktop\dds.com
[2013/05/23 03:43:17 | 000,002,445 | ---- | M] () -- C:\Documents and Settings\Suzy\Desktop\HiJackThis.lnk
[2013/05/22 21:22:30 | 000,001,008 | ---- | M] () -- C:\WINDOWS\cce.INI
[2013/05/22 06:43:25 | 000,922,257 | ---- | M] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2013/05/22 06:19:44 | 000,000,252 | ---- | M] () -- C:\WINDOWS\KillSwitch.INI
[2013/05/21 23:58:32 | 001,700,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\gdiplus.dll
[2013/05/20 18:16:45 | 000,000,374 | ---- | M] () -- C:\WINDOWS\tasks\Suzy DBAgent 2 0.job
[2013/05/19 17:26:04 | 000,000,390 | ---- | M] () -- C:\WINDOWS\tasks\Seagate_Install_Launch.job
[2013/05/19 16:52:37 | 000,001,932 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Seagate Dashboard 2.0.lnk
[2013/05/17 16:13:48 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2013/05/17 16:13:48 | 000,001,688 | ---- | M] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2013/05/17 16:13:48 | 000,000,002 | RHS- | M] () -- C:\WINDOWS\winstart.bat
[2013/05/16 22:02:10 | 000,091,888 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/05/16 21:59:05 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/05/14 17:00:06 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/05/14 17:00:06 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/05/05 22:45:55 | 000,074,703 | ---- | M] () -- C:\WINDOWS\System32\mfc45.dat
[2013/05/05 22:45:45 | 000,000,828 | ---- | M] () -- C:\Documents and Settings\Suzy\Desktop\System Checkup.lnk
[2013/05/02 21:05:56 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/05/29 18:05:15 | 000,000,338 | ---- | C] () -- C:\Documents and Settings\Suzy\Desktop\My Documents.lnk
[2013/05/29 11:42:28 | 000,000,657 | ---- | C] () -- C:\Documents and Settings\Suzy\Desktop\Shortcut to ComboFix.exe.lnk
[2013/05/29 11:27:09 | 000,002,855 | ---- | C] () -- C:\Documents and Settings\Suzy\Desktop\dds.com.pif
[2013/05/29 11:27:07 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Suzy\Desktop\Adobe Reader XI.lnk
[2013/05/28 09:01:48 | 000,000,212 | ---- | C] () -- C:\Boot.bak
[2013/05/28 09:01:45 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2013/05/28 08:58:24 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/05/28 08:58:24 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/05/28 08:58:24 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/05/28 08:58:24 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/05/28 08:58:24 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/05/28 07:24:27 | 000,816,128 | ---- | C] () -- C:\Documents and Settings\Suzy\Desktop\RogueKiller.exe
[2013/05/22 22:19:12 | 000,002,445 | ---- | C] () -- C:\Documents and Settings\Suzy\Desktop\HiJackThis.lnk
[2013/05/22 06:19:44 | 000,000,252 | ---- | C] () -- C:\WINDOWS\KillSwitch.INI
[2013/05/22 04:38:21 | 000,001,008 | ---- | C] () -- C:\WINDOWS\cce.INI
[2013/05/22 00:04:21 | 000,922,257 | ---- | C] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2013/05/20 18:17:35 | 000,329,863 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-682003330-507921405-854245398-1004-0.dat
[2013/05/20 18:17:25 | 000,083,246 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2013/05/19 16:54:55 | 000,000,374 | ---- | C] () -- C:\WINDOWS\tasks\Suzy DBAgent 2 0.job
[2013/05/19 16:53:50 | 000,000,390 | ---- | C] () -- C:\WINDOWS\tasks\Seagate_Install_Launch.job
[2013/05/19 16:52:37 | 000,001,932 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Seagate Dashboard 2.0.lnk
[2013/05/17 16:13:48 | 000,000,002 | RHS- | C] () -- C:\WINDOWS\winstart.bat
[2013/05/05 22:45:55 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dat
[2013/05/05 22:45:45 | 000,000,828 | ---- | C] () -- C:\Documents and Settings\Suzy\Desktop\System Checkup.lnk
[2012/10/25 17:50:45 | 000,178,688 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2012/02/14 15:35:36 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/11 14:25:04 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2012/02/11 14:23:26 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2011/11/09 01:46:51 | 000,030,424 | ---- | C] () -- C:\WINDOWS\System32\wrLZMA.dll
[2011/07/14 08:42:57 | 000,078,999 | ---- | C] () -- C:\WINDOWS\hpfins05.dat
[2011/07/14 08:42:57 | 000,001,395 | ---- | C] () -- C:\WINDOWS\hpfmdl05.dat
[2011/07/13 06:36:11 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2011/07/11 07:02:22 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/11 19:14:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/06/11 09:42:23 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2011/06/10 19:03:46 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2011/06/07 09:08:18 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\Suzy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/07 00:22:53 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2011/06/06 23:15:34 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/06/06 23:10:56 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/06/06 18:03:01 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/06/06 18:02:06 | 000,091,888 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
 
========== ZeroAccess Check ==========
 
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 19:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Custom Scans ==========
 
========== Base Services ==========
SRV - [2008/04/13 19:12:12 | 000,044,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\alg.exe -- (ALG)
SRV - [2008/04/13 19:12:11 | 000,006,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - [2008/04/13 19:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\qmgr.dll -- (BITS)
SRV - [2012/07/06 08:58:51 | 000,078,336 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\browser.dll -- (Browser)
SRV - [2008/04/13 19:11:51 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\cryptsvc.dll -- (CryptSvc)
SRV - [2008/04/13 19:11:51 | 000,126,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dhcpcsvc.dll -- (Dhcp)
SRV - [2009/04/20 12:17:26 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dnsrslvr.dll -- (Dnscache)
SRV - [2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (Eventlog)
SRV - [2008/04/13 19:11:52 | 000,033,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\eapsvc.dll -- (EapHost)
SRV - [2009/07/27 18:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (FastUserSwitchingCompatibility)
SRV - [2008/04/13 19:12:08 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\w3ssl.dll -- (HTTPFilter)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2008/04/13 19:12:22 | 000,150,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\imapi.exe -- (ImapiService)
SRV - [2008/04/13 19:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (PolicyAgent)
SRV - [2008/04/13 19:11:52 | 000,023,552 | ---- | M] (Microsoft Corp.) [On_Demand | Stopped] -- C:\WINDOWS\system32\dmserver.dll -- (dmserver)
SRV - [2008/04/13 19:12:17 | 000,224,768 | ---- | M] (Microsoft Corp., Veritas Software) [On_Demand | Stopped] -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin)
SRV - [2008/04/13 19:12:17 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (SwPrv)
SRV - [2008/04/13 19:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (Netlogon)
SRV - [2008/04/13 19:12:01 | 000,198,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\netman.dll -- (Netman)
SRV - [2008/06/20 11:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\mswsock.dll -- (Nla)
SRV - [2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (PlugPlay)
SRV - [2010/08/17 08:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
SRV - [2008/04/13 19:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (ProtectedStorage)
SRV - [2008/04/13 19:12:03 | 000,088,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rasauto.dll -- (RasAuto)
SRV - [2008/04/13 19:12:03 | 000,186,368 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\rasmans.dll -- (RasMan)
SRV - [2009/02/09 07:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (RpcSs)
SRV - [2008/04/13 19:12:02 | 000,435,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ntmssvc.dll -- (NtmsSvc)
SRV - [2008/04/13 19:12:05 | 000,018,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\seclogon.dll -- (seclogon)
SRV - [2008/04/13 19:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (SamSs)
SRV - [2008/04/13 19:12:10 | 000,080,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wscsvc.dll -- (wscsvc)
SRV - [2010/08/27 00:57:43 | 000,099,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srvsvc.dll -- (lanmanserver)
SRV - [2009/07/27 18:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (ShellHWDetection)
SRV - [2008/04/13 19:12:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srsvc.dll -- (srservice)
SRV - [2008/04/13 19:12:05 | 000,192,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\schedsvc.dll -- (Schedule)
SRV - [2008/04/13 19:11:56 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lmhsvc.dll -- (LmHosts)
SRV - [2008/04/13 19:12:07 | 000,249,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\tapisrv.dll -- (TapiSrv)
SRV - [2008/04/13 19:12:07 | 000,295,424 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\termsrv.dll -- (TermService)
SRV - [2009/07/27 18:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (Themes)
SRV - [2008/04/13 19:12:38 | 000,289,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\vssvc.exe -- (VSS)
SRV - [2008/04/13 19:11:50 | 000,042,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\audiosrv.dll -- (AudioSrv)
SRV - [2008/04/13 19:11:55 | 000,331,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ipnathlp.dll -- (SharedAccess)
SRV - [2008/04/13 19:12:08 | 000,333,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\wiaservc.dll -- (stisvc)
SRV - [2008/04/13 19:12:28 | 000,078,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\msiexec.exe -- (MSIServer)
SRV - [2008/04/13 19:12:09 | 000,144,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wbem\wmisvc.dll -- (winmgmt)
No service found with a name of Wmi
SRV - [2008/04/13 19:11:52 | 000,132,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\dot3svc.dll -- (Dot3svc)
SRV - [2008/04/13 19:12:11 | 000,483,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wzcsvc.dll -- (WZCSVC)
SRV - [2009/06/10 01:14:49 | 000,132,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wkssvc.dll -- (lanmanworkstation)
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: EXPLORER.EXE  >
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe
[2011/01/16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Documents and Settings\Suzy\Local Settings\Temp\RarSFX1\procs\explorer.exe
[2011/01/16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Documents and Settings\Suzy\Local Settings\Temp\RarSFX2\procs\explorer.exe
[2004/08/04 02:56:49 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\Suzy\Local Settings\Temp\RarSFX1\h\explorer.exe
[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\Suzy\Local Settings\Temp\RarSFX2\h\explorer.exe
 
< MD5 for: SERVICES  >
[2001/08/30 05:30:00 | 000,007,116 | ---- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- C:\WINDOWS\system32\drivers\etc\services
 
< MD5 for: SERVICES.CFG  >
[2012/09/23 20:43:36 | 000,603,848 | R--- | M] () MD5=81B120EAEE296F0E54F66C16C5A21367 -- C:\WINDOWS\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744BA0000000010\11.0.0\services.cfg
[2013/05/11 05:37:26 | 000,558,990 | ---- | M] () MD5=FE8FB005031C2574E990DAC1F9F5ACF8 -- C:\Program Files\Adobe\Reader 11.0\Reader\Services\Services.cfg
 
< MD5 for: SERVICES.EXE  >
[2009/02/06 06:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/13 19:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2009/02/06 12:14:03 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=37561F8D4160D62DA86D24AE41FAE8DE -- C:\WINDOWS\$NtServicePackUninstall$\services.exe
[2009/02/06 05:22:21 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=4712531AB7A01B7EE059853CA17D39BD -- C:\WINDOWS\$hf_mig$\KB956572\SP2QFE\services.exe
[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\$hf_mig$\KB956572\SP3GDR\services.exe
[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe
 
< MD5 for: SERVICES.EXE.000  >
[2004/08/04 02:56:55 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\$NtServicePackUninstall$\services.exe.000
 
< MD5 for: SERVICES.LNK  >
[2011/07/06 00:10:58 | 000,001,602 | ---- | M] () MD5=673B2B2DE2D5720A2006DD946FCACD49 -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Services.lnk
 
< MD5 for: SERVICES.MSC  >
[2001/08/30 05:30:00 | 000,033,464 | ---- | M] () MD5=E8089AA2A6F7FEE89B38C1F2D77BA6C6 -- C:\WINDOWS\system32\services.msc
 
< MD5 for: SVCHOST.EXE  >
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 02:56:57 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
 
< MD5 for: USERINIT.EXE  >
[2004/08/04 02:56:57 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Suzy\Local Settings\Temp\RarSFX1\userinit.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Suzy\Local Settings\Temp\RarSFX2\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2004/08/04 02:56:57 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Suzy\Local Settings\Temp\RarSFX1\winlogon.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\Suzy\Local Settings\Temp\RarSFX2\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WINSOCK.DLL  >
[2001/08/30 05:30:00 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\WINDOWS\system32\dllcache\winsock.dll
[2001/08/30 05:30:00 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\WINDOWS\system32\winsock.dll

< End of report >
 

--------------------

and here is extras.txt:

---------

 

OTL Extras logfile created on: 5/30/2013 9:43:07 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Suzy\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
990.42 Mb Total Physical Memory | 712.81 Mb Available Physical Memory | 71.97% Memory free
1.21 Gb Paging File | 0.92 Gb Available in Paging File | 75.87% Paging File free
Paging file location(s): C:\pagefile.sys 336 672 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 100.43 Gb Free Space | 43.13% Space Free | Partition Type: NTFS
 
Computer Name: JONES-PC | User Name: Suzy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = htmlfile] -- C:\Program Files\Maxthon\Bin\Maxthon.exe (Maxthon International ltd.)
.url [@ = InternetShortcut] -- C:\Program Files\Maxthon\Bin\Maxthon.exe (Maxthon International ltd.)
 
[HKEY_USERS\S-1-5-21-682003330-507921405-854245398-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Maxthon\Bin\Maxthon.exe" "%1" (Maxthon International ltd.)
InternetShortcut [open] -- "C:\Program Files\Maxthon\Bin\Maxthon.exe" "%1" (Maxthon International ltd.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Documents and Settings\Suzy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" = C:\Documents and Settings\Suzy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome
"C:\Program Files\iolo\System Mechanic Professional\SysMech.exe" = C:\Program Files\iolo\System Mechanic Professional\SysMech.exe:*:Enabled:iolo System Shield®
"C:\Program Files\Maxthon\Bin\MxUp.exe" = C:\Program Files\Maxthon\Bin\MxUp.exe:*:Enabled:MxUp -- (Maxthon International ltd.)
"C:\Program Files\Maxthon\Bin\Maxthon.exe" = C:\Program Files\Maxthon\Bin\Maxthon.exe:*:Enabled:Maxthon -- (Maxthon International ltd.)
"C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox -- (Mozilla Corporation)
"C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{1945A4B5-73B6-4DE9-99A3-05261B7FDED0}" = Shared C Run-time for x86
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3819891A-030B-4a4e-98ED-B28A649E48AB}" = HP Deskjet 3900 series
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{42F6BED9-41DD-40F1-85A8-8E0350493626}" = HPDeskjet3900Series
"{43C423D9-E6D6-4607-ADC9-EBB54F690C57}" = Seagate Dashboard 2.0
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AC7B4E7-59B7-4E48-A60D-263C486FC33A}_is1" = System Checkup 3.4
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{5B622B7A-60FB-4630-B11D-F121D20BCCD6}" = MarketResearch
"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03)
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{FD9C31B6-F572-414D-81E3-89368C97A125}_is1" = CamStudio OSS Desktop Recorder
"{FE64AE29-0883-4C70-8388-DC026019C900}" = HP Image Zone Express
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_8086&DEV_24C6&SUBSYS_2030161F" = SoftK56 Data Fax Modem
"DFX" = DFX
"Google Chrome" = Google Chrome
"HP Imaging Device Functions" = HP Imaging Device Functions 5.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.0
"HPExtendedCapabilities" = HP Extended Capabilities 5.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"KeynoteConnector" = Keynote Connector
"KLiteCodecPack_is1" = K-Lite Codec Pack 9.3.0 (Full)
"Maxthon3" = Maxthon Cloud Browser
"McAfee Security Scan" = McAfee Security Scan Plus
"McAfee Virtual Technician" = McAfee Virtual Technician
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 21.0 (x86 en-US)" = Mozilla Firefox 21.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Revo Uninstaller" = Revo Uninstaller 1.92
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinPcapInst" = WinPcap 4.1.1
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-682003330-507921405-854245398-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{4E002314-9999-4402-9823-1CB9E6098849}_is1" = Shopping InContext
"Move Media Player" = Move Media Player
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 12/17/2012 11:59:07 AM | Computer Name = JONES-PC | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
 from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 with error: This network connection does not exist.  
 
Error - 12/17/2012 11:59:07 AM | Computer Name = JONES-PC | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
 from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 with error: This network connection does not exist.  
 
Error - 12/17/2012 11:59:08 AM | Computer Name = JONES-PC | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
 from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 with error: This network connection does not exist.  
 
Error - 12/17/2012 11:59:08 AM | Computer Name = JONES-PC | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
 from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 with error: This network connection does not exist.  
 
Error - 12/17/2012 11:59:08 AM | Computer Name = JONES-PC | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
 from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 with error: This network connection does not exist.  
 
Error - 12/17/2012 11:59:08 AM | Computer Name = JONES-PC | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
 from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 with error: This network connection does not exist.  
 
Error - 12/17/2012 11:59:12 AM | Computer Name = JONES-PC | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
 from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 with error: This network connection does not exist.  
 
Error - 12/24/2012 3:31:53 PM | Computer Name = JONES-PC | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
 from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 with error: The server name or address could not be resolved  
 
Error - 12/24/2012 3:31:58 PM | Computer Name = JONES-PC | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
 from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 with error: This network connection does not exist.  
 
Error - 12/24/2012 3:32:00 PM | Computer Name = JONES-PC | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
 from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 with error: This network connection does not exist.  
 
[ System Events ]
Error - 5/28/2013 3:19:47 AM | Computer Name = JONES-PC | Source = Service Control Manager | ID = 7001
Description = The McAfee Home Network service depends on the McAfee Firewall Core
 Service service which failed to start because of the following error:   %%1070
 
Error - 5/28/2013 3:19:47 AM | Computer Name = JONES-PC | Source = Service Control Manager | ID = 7001
Description = The McAfee Personal Firewall Service service depends on the McAfee
 Firewall Core Service service which failed to start because of the following error:
   %%1070
 
Error - 5/28/2013 3:19:47 AM | Computer Name = JONES-PC | Source = Service Control Manager | ID = 7001
Description = The McAfee Proxy Service service depends on the McAfee Firewall Core
 Service service which failed to start because of the following error:   %%1070
 
Error - 5/28/2013 3:33:02 AM | Computer Name = JONES-PC | Source = Service Control Manager | ID = 7022
Description = The McAfee Firewall Core Service service hung on starting.
 
Error - 5/28/2013 3:33:02 AM | Computer Name = JONES-PC | Source = Service Control Manager | ID = 7001
Description = The McAfee Home Network service depends on the McAfee Firewall Core
 Service service which failed to start because of the following error:   %%1070
 
Error - 5/28/2013 3:33:02 AM | Computer Name = JONES-PC | Source = Service Control Manager | ID = 7001
Description = The McAfee Personal Firewall Service service depends on the McAfee
 Firewall Core Service service which failed to start because of the following error:
   %%1070
 
Error - 5/28/2013 3:33:02 AM | Computer Name = JONES-PC | Source = Service Control Manager | ID = 7001
Description = The McAfee Proxy Service service depends on the McAfee Firewall Core
 Service service which failed to start because of the following error:   %%1070
 
Error - 5/28/2013 9:58:50 PM | Computer Name = JONES-PC | Source = PlugPlayManager | ID = 11
Description = The device Root\LEGACY_MFEAVFK\0000 disappeared from the system without
 first being prepared for removal.
 
Error - 5/28/2013 9:58:51 PM | Computer Name = JONES-PC | Source = PlugPlayManager | ID = 11
Description = The device Root\LEGACY_MFEBOPK\0000 disappeared from the system without
 first being prepared for removal.
 
Error - 5/28/2013 9:58:51 PM | Computer Name = JONES-PC | Source = PlugPlayManager | ID = 11
Description = The device Root\LEGACY_MFEHIDK\0000 disappeared from the system without
 first being prepared for removal.
 
 
< End of report >
 
#10 nasdaq

  • Malware Response Team
  • 38,747 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 30 May 2013 - 01:23 PM

Run OTL - Double-click OTL.exe to start it.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
SRV - File not found [On_Demand | Stopped] -- C:\DOCUME~1\Suzy\LOCALS~1\Temp\OBCMJ.exe -- (OBCMJ)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | Boot | Unknown] -- system32\drivers\Partizan.sys -- (Partizan)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\f76BA7C.sys -- (f76BA7C)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\b64BA81.sys -- (b64BA81)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\a2aBA7D.sys -- (a2aBA7D)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\9deBA7B.sys -- (9deBA7B)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\740BA78.sys -- (740BA78)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\6a0BA7F.sys -- (6a0BA7F)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\67dBA79.sys -- (67dBA79)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\54dBA77.sys -- (54dBA77)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\404BA80.sys -- (404BA80)
FF - prefs.js..extensions.enabledAddons: %7B5F590AA2-1221-4113-A6F4-A4BB62414FAC%7D:0.45.8.20130519.3
FF - prefs.js..extensions.enabledAddons: %7B1A2D0EC4-75F5-4c91-89C4-3656F6E44B68%7D:0.6.3
[2013/04/30 14:33:17 | 000,069,246 | ---- | M] () (No name found) -- C:\Documents and Settings\Suzy\Application Data\Mozilla\Firefox\Profiles\nm2hleex.default\extensions\jid0-8BcAEG0VWp64q8wcJaRBq7N33PM@jetpack.xpi
O18 - Protocol\Handler\dssrequest - No CLSID value found
O18 - Protocol\Handler\sacore - No CLSID value found
O18 - Protocol\Filter\application/x-mfe-ipt - No CLSID value found
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
Restart the computer normally.

Run ComboFix and post a log if you can.

#11 leejones
  • Topic Starter
  • Members
  • 24 posts

Posted 31 May 2013 - 05:13 AM

here is the otl log:

--------------------

 

OTL logfile created on: 5/30/2013 8:55:02 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Suzy\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
990.42 Mb Total Physical Memory | 615.47 Mb Available Physical Memory | 62.14% Memory free
1.21 Gb Paging File | 0.94 Gb Available in Paging File | 77.45% Paging File free
Paging file location(s): C:\pagefile.sys 336 672 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 100.56 Gb Free Space | 43.18% Space Free | Partition Type: NTFS
 
Computer Name: JONES-PC | User Name: Suzy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/05/30 09:34:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Suzy\Desktop\OTL.exe
PRC - [2013/04/04 05:32:53 | 000,181,664 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/03/07 17:14:36 | 000,122,984 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
PRC - [2013/03/07 17:10:50 | 000,016,000 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
PRC - [2013/03/07 17:10:38 | 001,517,640 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\Seagate Dashboard 2.0\DBAgent.exe
PRC - [2012/09/23 20:43:40 | 000,040,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 11.0\Reader\reader_sl.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003/11/20 16:19:14 | 000,098,304 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - File not found [On_Demand | Stopped] -- c:\PROGRA~1\mcafee\msc\mcawfwk.exe -- (McAWFwk)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013/05/23 13:18:51 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/14 17:00:23 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/04/04 05:32:53 | 000,181,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/03/07 17:10:50 | 000,016,000 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe -- (Seagate Dashboard Services)
SRV - [2011/06/26 01:45:56 | 000,256,000 | R--- | M] () [Auto | Stopped] -- C:\ComboFix\pev.3XE -- (PEVSystemStart)
SRV - [2009/10/20 13:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - [2012/05/28 10:28:04 | 000,147,472 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HipShieldK.sys -- (HipShieldK)
DRV - [2009/10/20 13:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2006/04/01 00:30:20 | 000,369,024 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2004/08/04 00:31:32 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139)
DRV - [2003/10/14 19:08:22 | 000,197,120 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2003/10/14 19:05:48 | 000,679,808 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/10/14 19:04:16 | 001,043,072 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?fr=mcafee&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "http://www.bing.com/"
FF - prefs.js..extensions.enabledAddons: artur.dubovoy%40gmail.com:3.8.7
FF - prefs.js..extensions.enabledAddons: %7B11b496ea-481a-11dc-8314-0800200c9a66%7D:1.3.2
FF - prefs.js..extensions.enabledAddons: stefanvandamme%40stefanvd.net:2.2.0.2
FF - prefs.js..extensions.enabledAddons:
FF - prefs.js..extensions.enabledAddons:
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll File not found
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL File not found
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files\McAfee\Supportability\MVT\npmvtplugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Suzy\Application Data\Move Networks\plugins\071803000001\npqmp071803000001.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Suzy\Application Data\Move Networks\plugins\071803000001\npqmp071803000001.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Suzy\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3DF533F5-FB3C-4c4c-A1D7-99717F8C3038}: C:\Program Files\Webroot\Security\current\plugins\browserextension\ff_ptc\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2013/01/14 06:49:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Suzy\Application Data\Mozilla\Extensions
[2013/05/28 01:50:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Suzy\Application Data\Mozilla\Firefox\Profiles\nm2hleex.default\extensions
[2013/04/02 16:41:15 | 000,000,000 | ---D | M] (Shooter) -- C:\Documents and Settings\Suzy\Application Data\Mozilla\Firefox\Profiles\nm2hleex.default\extensions\{11b496ea-481a-11dc-8314-0800200c9a66}
[2013/04/29 16:37:37 | 000,000,000 | ---D | M] (Keynote Connector Extension) -- C:\Documents and Settings\Suzy\Application Data\Mozilla\Firefox\Profiles\nm2hleex.default\extensions\firefoxextensions@keynote.com
[2013/05/07 16:08:00 | 000,000,000 | ---D | M] (UserZoom Survey Tool) -- C:\Documents and Settings\Suzy\Application Data\Mozilla\Firefox\Profiles\nm2hleex.default\extensions\userzoom_survey_tool@jetpack
[2013/04/29 16:37:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Suzy\Application Data\Mozilla\Firefox\Profiles\nm2hleex.default\extensions\firefoxextensions@keynote.com\chrome
[2013/04/29 16:37:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Suzy\Application Data\Mozilla\Firefox\Profiles\nm2hleex.default\extensions\firefoxextensions@keynote.com\components
[2013/04/29 16:37:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Suzy\Application Data\Mozilla\Firefox\Profiles\nm2hleex.default\extensions\firefoxextensions@keynote.com\META-INF
[2013/03/08 23:33:22 | 000,275,665 | ---- | M] () (No name found) -- C:\Documents and Settings\Suzy\Application Data\Mozilla\Firefox\Profiles\nm2hleex.default\extensions\artur.dubovoy@gmail.com.xpi
[2013/05/01 10:57:23 | 000,651,215 | ---- | M] () (No name found) -- C:\Documents and Settings\Suzy\Application Data\Mozilla\Firefox\Profiles\nm2hleex.default\extensions\stefanvandamme@stefanvd.net.xpi
[2013/05/28 01:50:16 | 000,096,207 | ---- | M] () (No name found) -- C:\Documents and Settings\Suzy\Application Data\Mozilla\Firefox\Profiles\nm2hleex.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}.xpi
[2013/05/25 19:55:32 | 000,043,024 | ---- | M] () (No name found) -- C:\Documents and Settings\Suzy\Application Data\Mozilla\Firefox\Profiles\nm2hleex.default\extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}.xpi
[2013/05/08 16:38:52 | 000,870,680 | ---- | M] () (No name found) -- C:\Documents and Settings\Suzy\Application Data\Mozilla\Firefox\Profiles\nm2hleex.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/05/23 13:18:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/05/23 13:18:55 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: Bing (Enabled)
CHR - default_search_provider: search_url = http://www.bing.com/search?setmkt=en-US&q={searchTerms}
CHR - default_search_provider: suggest_url = http://api.bing.com/osjson.aspx?query={searchTerms}&language={language}
CHR - homepage: http://www.bing.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Suzy\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.5.31.139\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Documents and Settings\Suzy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.60.126.1_0\McChPlg.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Move Media Player 7 (Enabled) = C:\Documents and Settings\Suzy\Application Data\Move Networks\plugins\071803000001\npqmp071803000001.dll
CHR - plugin: Unity Player (Enabled) = C:\Documents and Settings\Suzy\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 6 U39 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: McAfee Security Scanner + (Enabled) = C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: McAfee Virtual Technician (Enabled) = C:\Program Files\McAfee\Supportability\MVT\npmvtplugin.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll
CHR - plugin: Java Deployment Toolkit 6.0.390.4 (Enabled) = C:\WINDOWS\system32\npdeployJava1.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Google Docs = C:\Documents and Settings\Suzy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Documents and Settings\Suzy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\Suzy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Documents and Settings\Suzy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: SiteAdvisor = C:\Documents and Settings\Suzy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.60.126.1_0\
CHR - Extension: Gmail = C:\Documents and Settings\Suzy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2012/10/24 09:42:00 | 000,000,792 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [DBAgent] C:\Program Files\Seagate\Seagate Dashboard 2.0\DBAgent.exe (Seagate Technology LLC)
O4 - HKLM..\Run: [DFX] C:\Program Files\DFX\DFX.exe ()
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [Uploader] C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe (Seagate Technology LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1307749861651 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1309612455447 (MUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D05DEB20-C63E-4120-8211-1F87E82C444C}: DhcpNameServer = 10.0.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/06/06 23:13:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{2a457572-93c1-11e0-8b42-00032518dcce}\Shell\AutoRun\command - "" = E:\Info.exe folder.htt 480 480
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/05/30 20:44:15 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/05/30 09:34:47 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Suzy\Desktop\OTL.exe
[2013/05/29 21:32:24 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/05/29 11:43:45 | 000,000,000 | --SD | C] -- C:\ComboFix
[2013/05/29 11:27:08 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2013/05/28 09:01:44 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013/05/28 08:58:24 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/05/28 08:58:24 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/05/28 08:58:24 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/05/28 08:58:24 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/05/28 08:58:06 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/05/28 08:57:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/05/28 08:36:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Suzy\Desktop\RK_Quarantine
[2013/05/28 02:23:57 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\Suzy\Desktop\dds.com
[2013/05/23 13:18:26 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/05/22 22:23:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Suzy\Desktop\Logs
[2013/05/22 22:19:12 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2013/05/22 22:19:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Suzy\Start Menu\Programs\HiJackThis
[2013/05/22 04:29:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Suzy\Application Data\Comodo
[2013/05/21 23:59:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\COMODO
[2013/05/21 23:52:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\COMODO
[2013/05/19 16:55:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Suzy\Application Data\Nero
[2013/05/19 16:52:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Seagate Dashboard 2.0
[2013/05/19 16:52:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nero
[2013/05/19 16:50:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nero
[2013/05/19 16:50:00 | 000,000,000 | ---D | C] -- C:\Program Files\Seagate
[2013/05/19 16:26:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2013/05/19 16:26:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Suzy\Application Data\Seagate
[2013/05/19 16:21:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\assembly
[2013/05/19 16:17:41 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2013/05/19 16:17:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2013/05/19 16:05:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Suzy\Application Data\Leadertech
[2013/05/17 16:14:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RegRun
[2013/05/17 16:13:23 | 000,000,000 | ---D | C] -- C:\Program Files\UnHackMe
[2013/05/06 02:17:03 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Suzy\Start Menu\Programs\Administrative Tools
[2013/05/05 22:45:39 | 000,000,000 | ---D | C] -- C:\Program Files\iolo
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/05/30 20:59:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/05/30 20:58:38 | 000,405,580 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/05/30 20:58:38 | 000,054,758 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/05/30 20:55:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/30 20:54:24 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/30 20:54:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/05/30 09:34:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Suzy\Desktop\OTL.exe
[2013/05/29 18:05:15 | 000,000,338 | ---- | M] () -- C:\Documents and Settings\Suzy\Desktop\My Documents.lnk
[2013/05/29 11:42:28 | 000,000,657 | ---- | M] () -- C:\Documents and Settings\Suzy\Desktop\Shortcut to ComboFix.exe.lnk
[2013/05/29 11:27:09 | 000,002,855 | ---- | M] () -- C:\Documents and Settings\Suzy\Desktop\dds.com.pif
[2013/05/29 11:27:07 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Suzy\Desktop\Adobe Reader XI.lnk
[2013/05/28 09:01:48 | 000,000,328 | RHS- | M] () -- C:\boot.ini
[2013/05/28 07:24:31 | 000,816,128 | ---- | M] () -- C:\Documents and Settings\Suzy\Desktop\RogueKiller.exe
[2013/05/28 07:23:32 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/05/28 02:24:00 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents and Settings\Suzy\Desktop\dds.com
[2013/05/23 03:43:17 | 000,002,445 | ---- | M] () -- C:\Documents and Settings\Suzy\Desktop\HiJackThis.lnk
[2013/05/22 21:22:30 | 000,001,008 | ---- | M] () -- C:\WINDOWS\cce.INI
[2013/05/22 06:43:25 | 000,922,257 | ---- | M] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2013/05/22 06:19:44 | 000,000,252 | ---- | M] () -- C:\WINDOWS\KillSwitch.INI
[2013/05/20 18:16:45 | 000,000,374 | ---- | M] () -- C:\WINDOWS\tasks\Suzy DBAgent 2 0.job
[2013/05/19 17:26:04 | 000,000,390 | ---- | M] () -- C:\WINDOWS\tasks\Seagate_Install_Launch.job
[2013/05/19 16:52:37 | 000,001,932 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Seagate Dashboard 2.0.lnk
[2013/05/17 16:13:48 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2013/05/17 16:13:48 | 000,001,688 | ---- | M] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2013/05/17 16:13:48 | 000,000,002 | RHS- | M] () -- C:\WINDOWS\winstart.bat
[2013/05/16 22:02:10 | 000,091,888 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/05/16 21:59:05 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/05/05 22:45:55 | 000,074,703 | ---- | M] () -- C:\WINDOWS\System32\mfc45.dat
[2013/05/05 22:45:45 | 000,000,828 | ---- | M] () -- C:\Documents and Settings\Suzy\Desktop\System Checkup.lnk
[2013/05/02 21:05:56 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/05/29 18:05:15 | 000,000,338 | ---- | C] () -- C:\Documents and Settings\Suzy\Desktop\My Documents.lnk
[2013/05/29 11:42:28 | 000,000,657 | ---- | C] () -- C:\Documents and Settings\Suzy\Desktop\Shortcut to ComboFix.exe.lnk
[2013/05/29 11:27:09 | 000,002,855 | ---- | C] () -- C:\Documents and Settings\Suzy\Desktop\dds.com.pif
[2013/05/29 11:27:07 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Suzy\Desktop\Adobe Reader XI.lnk
[2013/05/28 09:01:48 | 000,000,212 | ---- | C] () -- C:\Boot.bak
[2013/05/28 09:01:45 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2013/05/28 08:58:24 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/05/28 08:58:24 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/05/28 08:58:24 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/05/28 08:58:24 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/05/28 08:58:24 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/05/28 07:24:27 | 000,816,128 | ---- | C] () -- C:\Documents and Settings\Suzy\Desktop\RogueKiller.exe
[2013/05/22 22:19:12 | 000,002,445 | ---- | C] () -- C:\Documents and Settings\Suzy\Desktop\HiJackThis.lnk
[2013/05/22 06:19:44 | 000,000,252 | ---- | C] () -- C:\WINDOWS\KillSwitch.INI
[2013/05/22 04:38:21 | 000,001,008 | ---- | C] () -- C:\WINDOWS\cce.INI
[2013/05/22 00:04:21 | 000,922,257 | ---- | C] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2013/05/20 18:17:35 | 000,329,863 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-682003330-507921405-854245398-1004-0.dat
[2013/05/20 18:17:25 | 000,083,246 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2013/05/19 16:54:55 | 000,000,374 | ---- | C] () -- C:\WINDOWS\tasks\Suzy DBAgent 2 0.job
[2013/05/19 16:53:50 | 000,000,390 | ---- | C] () -- C:\WINDOWS\tasks\Seagate_Install_Launch.job
[2013/05/19 16:52:37 | 000,001,932 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Seagate Dashboard 2.0.lnk
[2013/05/17 16:13:48 | 000,000,002 | RHS- | C] () -- C:\WINDOWS\winstart.bat
[2013/05/05 22:45:55 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dat
[2013/05/05 22:45:45 | 000,000,828 | ---- | C] () -- C:\Documents and Settings\Suzy\Desktop\System Checkup.lnk
[2012/10/25 17:50:45 | 000,178,688 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2012/02/14 15:35:36 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/11 14:25:04 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2012/02/11 14:23:26 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2011/11/09 01:46:51 | 000,030,424 | ---- | C] () -- C:\WINDOWS\System32\wrLZMA.dll
[2011/07/14 08:42:57 | 000,078,999 | ---- | C] () -- C:\WINDOWS\hpfins05.dat
[2011/07/14 08:42:57 | 000,001,395 | ---- | C] () -- C:\WINDOWS\hpfmdl05.dat
[2011/07/13 06:36:11 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2011/07/11 07:02:22 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/11 19:14:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/06/11 09:42:23 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2011/06/10 19:03:46 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2011/06/07 09:08:18 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\Suzy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/07 00:22:53 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2011/06/06 23:15:34 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/06/06 23:10:56 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/06/06 18:03:01 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/06/06 18:02:06 | 000,091,888 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
 
========== ZeroAccess Check ==========
 
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 19:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2011/07/11 05:22:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2013/05/21 15:39:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2011/07/13 11:29:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/07/05 09:58:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2013/05/21 16:43:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegRun
[2013/05/19 16:26:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2012/07/13 22:33:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WRData
[2011/11/09 01:34:37 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{13B9F5E8-C08A-4A36-853C-E98B1B218525}
[2011/07/15 10:30:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzy\Application Data\iolo
[2012/10/23 14:55:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzy\Application Data\Keynote Systems
[2013/05/19 16:05:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzy\Application Data\Leadertech
[2013/04/30 02:36:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzy\Application Data\Maxthon3
[2013/05/19 16:26:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Suzy\Application Data\Seagate
 
========== Purity Check ==========
 
 

< End of report >
 

---------------------------

 

combofix still stalled (btw all these combofix stalls happened on the blue screen before it did anything .... all it does is stay on:

 

scanning for infected files ...

this typically doesn't take more than 10 minutes

however, scan times for badly infected machines may easily double

 

ran it from 9:07pm-3am

 

while searching online after i ran it i found that renaming the file name may work

 

if you agree that it would help i will do that


Edited by leejones, 31 May 2013 - 06:57 AM.
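The OTL log above is long, and most of it is benign. As an added example (my own code, not OTL's, ComboFix's or anything posted in this thread), the Python script below pulls out the entry types a malware-response helper reads first and flags the ones that usually matter: services and drivers whose file is gone, non-default hosts entries, BHOs with a dangling CLSID, Run-key autostarts with no company name, Winlogon Shell/UserInit values that are not the stock binaries, and cached MountPoints2 AutoRun commands. The sample lines are constructed to mirror the shapes of entries in the log above; the `update.example-av.test` hosts line is invented purely to exercise the hosts rule and does not appear in the real log. The rule names and the "expected" Winlogon paths are my assumptions about a clean XP install, not anything OTL itself reports.

```python
import re
from typing import Dict, List

Finding = Dict[str, str]

# Assumed clean-XP values for the two Winlogon entries OTL reports as O20.
WINLOGON_EXPECTED = {
    "Shell": r"c:\windows\explorer.exe",
    "UserInit": r"c:\windows\system32\userinit.exe",
}
# The only entries a default Windows hosts file carries.
HOSTS_OK = {("127.0.0.1", "localhost"), ("::1", "localhost")}

RE_SERVICE_NAME = re.compile(r"\((?P<name>[^()]*)\)\s*$")
RE_HOSTS = re.compile(r"O1 - Hosts:\s+(?P<ip>\S+)\s+(?P<host>\S+)")
RE_RUNKEY = re.compile(
    r"O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<path>.+?) \((?P<company>[^)]*)\)\s*$")
RE_WINLOGON = re.compile(
    r"O20 - HKLM Winlogon: (?P<key>Shell|UserInit) - \((?P<value>[^)]*)\) - (?P<path>.+?) \(")
RE_CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")

# Constructed sample shaped like the OTL lines in the post above. The
# update.example-av.test hosts entry is invented to exercise the hosts rule.
SAMPLE_OTL = r"""
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2013/04/04 05:32:53 | 000,181,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1       update.example-av.test
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O4 - HKLM..\Run: [DBAgent] C:\Program Files\Seagate\Seagate Dashboard 2.0\DBAgent.exe (Seagate Technology LLC)
O4 - HKLM..\Run: [DFX] C:\Program Files\DFX\DFX.exe ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O33 - MountPoints2\{2a457572-93c1-11e0-8b42-00032518dcce}\Shell\AutoRun\command - "" = E:\Info.exe folder.htt 480 480
"""


def triage_otl(text: str) -> List[Finding]:
    """Return one finding per OTL line that trips a rule; benign lines are skipped."""
    findings: List[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # SRV/DRV still registered but the binary is gone: leftovers of an
        # uninstalled product or of something already cleaned.
        if line.startswith(("SRV - File not found", "DRV - File not found")):
            m = RE_SERVICE_NAME.search(line)
            findings.append({"rule": "orphaned-service", "item": m.group("name") if m else line,
                             "why": "service registered but its file is missing"})
            continue
        # O1: anything beyond localhost redirects or blackholes a name;
        # malware uses this to keep AV updaters from reaching their vendor.
        m = RE_HOSTS.match(line)
        if m:
            pair = (m.group("ip"), m.group("host").lower())
            if pair not in HOSTS_OK:
                findings.append({"rule": "hosts-redirect", "item": f"{pair[1]} -> {pair[0]}",
                                 "why": "non-default hosts entry"})
            continue
        # O2: a Browser Helper Object whose CLSID no longer resolves.
        if line.startswith("O2 - BHO") and "No CLSID value found" in line:
            m = RE_CLSID.search(line)
            findings.append({"rule": "orphaned-bho", "item": m.group(0) if m else line,
                             "why": "BHO with dangling CLSID"})
            continue
        # O4: Run-key autostarts. OTL prints the binary's company name in
        # parentheses; an empty "()" means nothing vouches for the file.
        m = RE_RUNKEY.match(line)
        if m:
            if not m.group("company").strip():
                findings.append({"rule": "no-company-autorun", "item": m.group("name"),
                                 "why": f"autostart {m.group('path')} has no company name"})
            continue
        # O20: Shell and UserInit are the classic Winlogon hijack points.
        m = RE_WINLOGON.match(line)
        if m:
            if m.group("path").lower() != WINLOGON_EXPECTED[m.group("key")]:
                findings.append({"rule": "winlogon-hijack", "item": m.group("key"),
                                 "why": f"points at {m.group('path')}"})
            continue
        # O33: AutoRun command cached for a removable drive, the way USB-borne
        # worms spread; the NoDriveAutoRun policy in the log (all 26 drive
        # letters masked) is what should keep it from firing.
        if line.startswith("O33 - MountPoints2") and "AutoRun" in line:
            cmd = line.split("= ", 1)[1] if "= " in line else line
            findings.append({"rule": "mountpoints-autorun", "item": cmd,
                             "why": "AutoRun command cached for a removable drive"})
    return findings


def report(findings: List[Finding]) -> str:
    """One line per finding, grouped by rule, ready to paste into a reply."""
    out = []
    for rule in sorted({f["rule"] for f in findings}):
        out.append(f"[{rule}]")
        out.extend(f"  {f['item']}  ({f['why']})" for f in findings if f["rule"] == rule)
    return "\n".join(out)


if __name__ == "__main__":
    print(report(triage_otl(SAMPLE_OTL)))
```

Run it against a saved OTL.txt by reading the file into `triage_otl`. Every hit is a lead, not a verdict: the orphaned McAfee service and the DFX entry are explained by uninstalled software, and a MountPoints2 entry only matters if AutoRun is still honoured, which the O6/O7 policies in this log suggest it is not. The point of the script is to get the handful of lines worth discussing out of several hundred.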


#12 nasdaq

nasdaq

  • Malware Response Team
  • 38,747 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:01 AM

Posted 31 May 2013 - 09:21 AM

Let's try the rename way.
Delete your current version of ComboFix.exe


Download ComboFix from any of the links below but rename it to leejones.exe before saving it to your desktop. <- Important.

Link 1
Link 2
==================================
  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on the renamed ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

RcAuto1.gif


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

whatnext.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall.
====

Post the log if you can.

#13 leejones

leejones
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  • Local time:11:01 PM

Posted 31 May 2013 - 11:21 PM

i renamed it before i saved it to my desktop and then ran it

 

left it running (no mouse clicks at all) from 10am-8pm

 

it still stalled



#14 nasdaq

nasdaq

  • Malware Response Team
  • 38,747 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:01 AM

Posted 01 June 2013 - 08:21 AM

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action center
    • Windows Update
    • Windows Defender
  • Press Scan.
  • This will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Edited by nasdaq, 01 June 2013 - 08:23 AM.
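For readers who want to see what the FSS checkboxes above correspond to on the machine itself, here is an added PowerShell example; it is not part of the thread and is not Farbar Service Scanner's own code. It reads the state, start type and binary path of the services behind each option so a defender can spot one that is stopped, disabled, missing, or launched from an unexpected path. The service names are assumptions about common Windows releases: the XP machine in this thread uses SharedAccess for the firewall and srservice for System Restore, while Vista and later use MpsSvc and BFE and have no separate System Restore service, so "NOT PRESENT" on one of those is expected rather than a finding.

```powershell
# Added example, not from the thread or from FSS. Maps each FSS option to the
# Windows service(s) it covers (names are assumptions; see the lead-in) and
# prints status, start type and the executable path for each one.
$checks = @{
    'Internet Services'             = @('Dhcp', 'Dnscache', 'BFE')
    'Windows Firewall'              = @('SharedAccess', 'MpsSvc')
    'System Restore'                = @('srservice')
    'Security Center/Action Center' = @('wscsvc')
    'Windows Update'                = @('wuauserv')
    'Windows Defender'              = @('WinDefend')
}

foreach ($area in $checks.Keys) {
    foreach ($name in $checks[$area]) {
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        if ($null -eq $svc) {
            # Either not shipped with this Windows version or deleted; FSS flags
            # the latter, so compare against what the release should contain.
            "{0,-30} {1,-13} NOT PRESENT" -f $area, $name
            continue
        }
        # Start mode and image path are only exposed through WMI on the older
        # PowerShell versions found on XP/Vista-era machines.
        $wmi = Get-WmiObject -Class Win32_Service -Filter "Name='$name'"
        "{0,-30} {1,-13} {2,-8} start={3,-8} path={4}" -f `
            $area, $name, $svc.Status, $wmi.StartMode, $wmi.PathName
    }
}
```

Run it from an elevated PowerShell prompt on the affected machine; a core service shown as Disabled, or whose path points outside %SystemRoot%, is the kind of detail FSS.txt is meant to surface for the helper.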


#15 leejones

leejones
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  • Local time:11:01 PM

Posted 01 June 2013 - 09:25 AM

before i run farbar service scanner

 

this computer may not be the only infected computer

 

have a mac,2 tablets (1 ipad,1 acer) ,1 smartphone

 

all have been on the network, i should have added that info in my first post

 

i'm not sure if they are infected or not
