
clkmon: how do I get rid of it please?


This topic is locked.
38 replies to this topic

#1 canorton


Posted 07 May 2014 - 08:35 AM

I have this clkmon trojan, have run adwcleaner, but clkmon is still there. Could I please be directed to an instruction set of how to get rid of this? Note: I am not a computer boffin so whatever I use should be designed for moderate expertise person such as myself. 




#2 Machiavelli

  • Malware Response Instructor

Posted 08 May 2014 - 10:12 AM

Hello and welcome on board, canorton,

my name is Machiavelli and I will assist you with your problem.
If you booted into safe mode on your computer then print my instructions!
I'm in the 'Malware Staff Team' and will provide you with advice:

Removing Malware from a computer can be very complicated. Malware (malicious software) is able to hide, so I may not be able to find it easily. In order to remove Malware from your computer, you need to follow my instructions carefully. Don't be worried if you don't know what to do, just ask me! Please stay in contact with me until the problem is fixed.

Below are a few tips:
  • Removing Malware is usually very difficult.
    We need to search and analyse a lot of files. As this is done in our free time, please be patient especially if I don't answer every day!
  • Please follow these instructions
    If you don't follow the instructions your computer may crash. If you fix your PC by yourself, this can be very risky!
  • Please stay in contact with me until your problem is resolved
    As Malware may not be totally removed in one session or in one day, please stay in contact with me until the problem is resolved.
  • Please don't run any other tools without consulting with me as this can complicate finding and removing all Malware
    Don't run any tools while I'm fixing your PC. That is counterproductive and again, will only complicate finding and removing all Malware!
  • Read my post completely
    If you don't do so, you may make mistakes that could result in your System crashing by your own actions!
 

Could you please post the log of Adwarecleaner? The log can also be found in here: C:\AdwCleaner\

Please download OTL (by OldTimer) (if you haven't already) from the link below and save it to your Desktop.
 

Download Mirror #1

  • Please copy the text in the Quote box below, (Do Not copy the word Quote), and paste it in the Custom Scans/Fixes box in OTL. To do that:
    • Highlight everything inside the quote box, (except the word Quote), right click the mouse and click Copy.

    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    qmgr.dll
    mpsvc.dll
    winsock.*
    rpcss.dll
    /md5stop
    dir "%systemdrive%\*" /S /A:L /C
    CREATERESTOREPOINT

  • Open OTL on the desktop. To do that:
    • XP users: Double click on the OTL icon.
    • Vista / 7 Users: Right click on the icon and click Run as Administrator.
  • Make sure all other windows are closed.
    • You will see the OTL console:

      • Click the box beside Scan All Users at the top of the console
      • If you have a 64bit Windows, click the box beside Include 64bit Scans at the top of the console.
      • Make sure the Output box at the top is set to Standard Output.
      • Check the boxes beside LOP Check and Purity Check.
      • Make sure that Use Safe List is checked under Extra Registry.
      • Place the mouse pointer inside the Custom Scans/Fixes box, right click and click Paste. This will put the above script inside OTL.
      • Click the Run Scan button. Do not change any settings unless otherwise told to do so.
      • Let the scan run uninterrupted.
      • When the scan completes, it will open OTL.Txt on the desktop.
      • Please copy the contents of these files and paste it into your reply. To do that:
        • On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
        • Right click inside the forum post window then click Paste. This will paste the contents of the OTL.txt file in the post window.
      • Please do the same for the Extras.txt

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#3 canorton


Posted 08 May 2014 - 03:52 PM

Hi Mach, thanks for the help. Here is my adwcleaner log file (I think!):

 

 AdwCleaner v3.207 - Report created 07/05/2014 at 14:40:06
# Updated 05/05/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : Clive - CLIVE-PC
# Running from : C:\Users\Clive\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\Clive\AppData\Roaming\Tencent
File Deleted : C:\Windows\Tasks\ea727281-8281-467f-bafd-cf5fb6f1777a-1.job
File Deleted : C:\Windows\System32\Tasks\ea727281-8281-467f-bafd-cf5fb6f1777a-1
File Deleted : C:\Windows\Tasks\ea727281-8281-467f-bafd-cf5fb6f1777a-2.job
File Deleted : C:\Windows\System32\Tasks\ea727281-8281-467f-bafd-cf5fb6f1777a-2
File Deleted : C:\Windows\Tasks\ea727281-8281-467f-bafd-cf5fb6f1777a-3.job
File Deleted : C:\Windows\System32\Tasks\ea727281-8281-467f-bafd-cf5fb6f1777a-3
File Deleted : C:\Windows\Tasks\ea727281-8281-467f-bafd-cf5fb6f1777a-4.job
File Deleted : C:\Windows\System32\Tasks\ea727281-8281-467f-bafd-cf5fb6f1777a-4
File Deleted : C:\Windows\Tasks\ea727281-8281-467f-bafd-cf5fb6f1777a-5.job
File Deleted : C:\Windows\System32\Tasks\ea727281-8281-467f-bafd-cf5fb6f1777a-5
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{97268009-BED3-4614-802A-5F1673AC6BCE}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{97268009-BED3-4614-802A-5F1673AC6BCE}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F4B766F3-7B42-4758-89F7-EBD0120A41E5}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F4B766F3-7B42-4758-89F7-EBD0120A41E5}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{35DAE86D-FDCB-4378-9224-FA0FE2A9ABC6}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{35DAE86D-FDCB-4378-9224-FA0FE2A9ABC6}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F365D278-65E1-4CAE-9F49-416BE1F993C8}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F365D278-65E1-4CAE-9F49-416BE1F993C8}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0A66D632-379F-48CA-B5D9-929E96551B22}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0A66D632-379F-48CA-B5D9-929E96551B22}
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0049074.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0049074.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0049074.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0049074.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110411901174}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422902274}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550455905574}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466906674}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440444904474}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411901174}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110411901174}
Key Deleted : HKCU\Software\installedbrowserextensions
Key Deleted : HKCU\Software\WEDLMNGR
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKLM\Software\installedbrowserextensions
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17041
 
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
 
-\\ Google Chrome v34.0.1847.131
 
[ File : C:\Users\Clive\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [4457 octets] - [07/05/2014 14:34:00]
AdwCleaner[S0].txt - [4228 octets] - [07/05/2014 14:40:06]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4288 octets] ##########
 
I will follow your instructions and let you know what happens
Regards
Clive Norton


#4 Machiavelli

  • Malware Response Instructor

Posted 08 May 2014 - 03:54 PM

OK :) Will wait for the logs.


~Machiavelli



#5 canorton


Posted 11 May 2014 - 05:56 AM

Hi Mach

I sent you the logs from OTL yesterday already but the post never went. When I try to send the report to you again today I get an error message to say the post is too long. Can I e-mail it to you?

Please advise

 



#6 Machiavelli

  • Malware Response Instructor

Posted 11 May 2014 - 07:55 AM

Attach it here by clicking on More Reply Options and then on Choose File.

~Machiavelli



#7 canorton


Posted 11 May 2014 - 09:17 AM

Attached File  Extras.Txt   38.38KB   2 downloads



#8 canorton


Posted 11 May 2014 - 09:19 AM

Hi Mach

The OTL file is still 20kb too big to attach



#9 Machiavelli

  • Malware Response Instructor

Posted 11 May 2014 - 11:38 AM

Then zip it and attach it here.

~Machiavelli



#10 canorton


Posted 11 May 2014 - 01:09 PM

Attached File  OTL.zip   23.51KB   1 downloads



#11 Machiavelli

  • Malware Response Instructor

Posted 11 May 2014 - 01:36 PM

Hello,

Please

Step 1: Uninstalls

  • Click on the Start button and select Control Panel
  • Click on Programs then click on Uninstall a program
  • You will now see a list of your installed software, double click on the following one by one to uninstall them:
    • The weDownload Manager
  • Once you have done this, reboot your computer

Step 2: OTL Fix
 

  • Run OTL (If you have Windows Vista / Windows 7 / Windows 8 please do a Right click on the OTL icon and select Run as Administrator).
  • Copy (Ctrl+C) and Paste (Ctrl+V) all of the following text into the Custom Scans/Fixes box:


    :Commands
    [CREATERESTOREPOINT]
    
    :OTL
    IE - HKU\S-1-5-21-1661148196-2800640247-463694396-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.csir.co.za;146.64.*;<local>
    IE - HKU\S-1-5-21-1661148196-2800640247-463694396-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=pta-proxy.csir.co.za:3128
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    O13 - gopher Prefix: missing
    O15 - HKU\S-1-5-21-1661148196-2800640247-463694396-1000\..Trusted Domains: haywardsafaris.com ([www] https in Trusted sites)
    O15 - HKU\S-1-5-21-1661148196-2800640247-463694396-1000\..Trusted Domains: rising.com.cn ([]http in Trusted sites)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O33 - MountPoints2\{e0069307-c937-11e3-a86a-0016419d9d75}\Shell - "" = AutoRun
    O33 - MountPoints2\{e0069307-c937-11e3-a86a-0016419d9d75}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{e00693bb-c937-11e3-a86a-0016419d9d75}\Shell - "" = AutoRun
    O33 - MountPoints2\{e00693bb-c937-11e3-a86a-0016419d9d75}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\F\Shell - "" = AutoRun
    O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
    [2009/10/28 19:23:05 | 000,008,896 | ---- | C] () -- C:\Users\Clive\e3c7f55r3.exe
    [2009/10/28 19:16:46 | 000,008,896 | ---- | C] () -- C:\Users\Clive\t3p3y74w6.exe
    
    :Commands
    [EMPTYTEMP]
    
  • Click the Run Fix button.
  • After your computer has rebooted, post the Fixlog into your next reply.

Step 3: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4: OTL Quickscan

  • Run OTL by double-clicking on it. (If you have Windows Vista / Windows 7 / Windows 8 please do a Right click on OTL.exe and select Run as Administrator)
  • Click Quick Scan to start OTL.
  • When OTL finishes scanning, a log, OTL.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

Step 5: Question

How is the PC running? 


Edited by Machiavelli, 11 May 2014 - 01:40 PM.

~Machiavelli


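The fix script above is built from a handful of OTL line formats: the IE "ProxyServer"/"ProxyOverride" values, O15 trusted-domain entries, O33 MountPoints2 AutoRun handlers that would launch an executable from a removable drive, and the "[date | size | attrs | C] (Company) -- path" entries for unsigned executables sitting in a profile root. As an added example (not part of this thread and not OTL's own code), the Python below parses lines in those formats into review findings; the sample input is constructed from lines quoted in this thread, and the names `triage`, `summarize` and `Finding` are this example's own.

```python
"""Triage helper for OTL-style report lines (added example, not OTL code)."""
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample: lines copied from the OTL fix script and quick scan
# quoted in this thread, plus one benign Microsoft process line for contrast.
SAMPLE_OTL = r"""
IE - HKU\S-1-5-21-1661148196-2800640247-463694396-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.csir.co.za;146.64.*;<local>
IE - HKU\S-1-5-21-1661148196-2800640247-463694396-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=pta-proxy.csir.co.za:3128
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
O15 - HKU\S-1-5-21-1661148196-2800640247-463694396-1000\..Trusted Domains: rising.com.cn ([]http in Trusted sites)
O33 - MountPoints2\{e0069307-c937-11e3-a86a-0016419d9d75}\Shell - "" = AutoRun
O33 - MountPoints2\{e0069307-c937-11e3-a86a-0016419d9d75}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
[2009/10/28 19:23:05 | 000,008,896 | ---- | C] () -- C:\Users\Clive\e3c7f55r3.exe
PRC - [2014/04/22 07:03:51 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
"""

# IE proxy values: only ProxyServer / ProxyOverride are worth a look;
# "ProxyEnable" = 0 is the normal state and is deliberately not flagged.
PROXY_RE = re.compile(r'^IE - (?P<key>.+?): "(?P<name>Proxy\w+)" = (?P<value>.*)$')
# O15 entries add a domain to the Trusted sites zone (relaxed IE security).
TRUSTED_RE = re.compile(r'^O15 - .*?Trusted Domains: (?P<domain>\S+) \((?P<zone>.*)\)$')
# O33 MountPoints2 AutoRun command: what Explorer runs when the volume is opened.
AUTORUN_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<volume>[^\\]+)\\Shell\\AutoRun\\command - "" = (?P<command>.+)$'
)
# File / process entries: "[timestamp | size | attrs | C or M] (Company) -- path",
# optionally prefixed with a three-letter section tag such as "PRC - ".
FILE_RE = re.compile(
    r'^(?:[A-Z]{3} - )?\[(?P<ts>[^|]+?) \| (?P<size>[\d,]+) \| (?P<attrs>\S+) \| (?P<kind>[CM])\] '
    r'\((?P<company>[^)]*)\) -- (?P<path>.+)$'
)
# An .exe directly under C:\Users\<name>\ (matched against the lowercased path).
PROFILE_ROOT_RE = re.compile(r'^[a-z]:\\users\\[^\\]+\\[^\\]+\.exe$')


@dataclass(frozen=True)
class Finding:
    category: str
    severity: str
    detail: str


def triage(report: str) -> List[Finding]:
    """Turn OTL-style lines into findings; unrecognised lines are ignored."""
    findings: List[Finding] = []
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = AUTORUN_RE.match(line)
        if m:
            findings.append(Finding("autorun_mountpoint", "high",
                                    f"volume {m['volume']} runs {m['command']} when opened"))
            continue
        m = PROXY_RE.match(line)
        if m and m["name"] in ("ProxyServer", "ProxyOverride"):
            findings.append(Finding("proxy_setting", "medium", f"{m['name']} = {m['value']}"))
            continue
        m = TRUSTED_RE.match(line)
        if m:
            findings.append(Finding("trusted_domain", "medium", f"{m['domain']} ({m['zone']})"))
            continue
        m = FILE_RE.match(line)
        if m and m["company"] == "" and PROFILE_ROOT_RE.match(m["path"].lower()):
            # No company name plus a profile-root location is the pattern the
            # fix script above targets (e3c7f55r3.exe, t3p3y74w6.exe).
            findings.append(Finding("unsigned_user_exe", "high",
                                    f"{m['path']} ({m['size']} bytes, {m['ts']})"))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per category for a quick overview."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.category] = counts.get(f.category, 0) + 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_OTL)
    for f in results:
        print(f"[{f.severity:<6}] {f.category:<20} {f.detail}")
    print(summarize(results))
```

The proxy entries are reported for review rather than judged: a configured proxy can be legitimate (a corporate proxy, as the helper here left it to the fix script to clear), so the responder confirms it with the user before acting.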

#12 canorton


Posted 12 May 2014 - 02:25 AM

Ok Mach, I have run the OTL Run fix, here is the log:

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
HKU\S-1-5-21-1661148196-2800640247-463694396-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\S-1-5-21-1661148196-2800640247-463694396-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1661148196-2800640247-463694396-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\haywardsafaris.com\www\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1661148196-2800640247-463694396-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\rising.com.cn\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e0069307-c937-11e3-a86a-0016419d9d75}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e0069307-c937-11e3-a86a-0016419d9d75}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e00693bb-c937-11e3-a86a-0016419d9d75}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e00693bb-c937-11e3-a86a-0016419d9d75}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e00693bb-c937-11e3-a86a-0016419d9d75}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e00693bb-c937-11e3-a86a-0016419d9d75}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File F:\AutoRun.exe not found.
C:\Users\Clive\e3c7f55r3.exe moved successfully.
C:\Users\Clive\t3p3y74w6.exe moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: All Users
 
User: Clive
->Temp folder emptied: 137193123 bytes
->Temporary Internet Files folder emptied: 53595934 bytes
->Google Chrome cache emptied: 258051982 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 20215522 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 27920567 bytes
RecycleBin emptied: 298744009 bytes
 
Total Files Cleaned = 759.00 mb
 
In answer to your last question, my PC is quite slow, especially since I changed from XP to Win 7, and I lost a number of quite valuable programmes. Win 7 is also quite annoying because I cannot install any printers. But these things I will address with my local buddy. I have a full back-up of my computer before the conversion to Win 7. For the record, I am running a fairly old Dell D620 Laptop 32bit with 1Gb memory and about a 100Gb disc which is partitioned. The C drive (where the OS is) has about 13 Gb free space and the E drive (where I keep most of my data) has only about 3Gb left.
 
I move now to run JRT as instructed and will follow instructions from there. BTW I run MSE as my virus protection. I used to run also Unhackme on XP (freeware version) to try to catch possible rootkit invasions but I also lost that on the conversion to Win 7. 


#13 canorton


Posted 12 May 2014 - 02:41 AM

Hi Mach

Here is the JRT log:

Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x86
Ran by Clive on 2014/05/12 at  9:32:56.67
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 2014/05/12 at  9:36:30.51
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
I go now to do the next step (quick scan on OTL). Will report back after that. By the way, Clkmon is still messing around with my Chrome browser, after all this.


#14 canorton


Posted 12 May 2014 - 03:25 AM

Here is the OTL quick scan log. I am also attaching a screen grab of the settings in OTL because they were this time not quite the same as the first time I did an OTL scan. If the settings are not right, please let me know and I will redo the scan.


OTL logfile created on: 2014/05/12 09:42:54 AM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Clive\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00001C09 | Country: South Africa | Language: ENS | Date Format: yyyy/MM/dd
 
1014.18 Mb Total Physical Memory | 161.91 Mb Available Physical Memory | 15.96% Memory free
1.99 Gb Paging File | 0.46 Gb Available in Paging File | 23.01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 44.97 Gb Total Space | 14.60 Gb Free Space | 32.46% Space Free | Partition Type: NTFS
Drive D: | 66.81 Gb Total Space | 3.64 Gb Free Space | 5.44% Space Free | Partition Type: NTFS
 
Computer Name: CLIVE-PC | User Name: Clive | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/05/12 08:57:45 | 001,016,261 | ---- | M] (Thisisu) -- C:\Users\Clive\Desktop\JRT.exe
PRC - [2014/05/08 22:23:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Clive\Desktop\OTL.exe
PRC - [2014/04/24 02:33:15 | 000,841,032 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2014/04/22 07:03:51 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2014/04/11 19:45:50 | 001,764,992 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
PRC - [2014/04/11 19:45:42 | 001,390,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
PRC - [2014/03/11 10:13:24 | 000,279,776 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2014/03/11 10:13:24 | 000,022,216 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/08/28 05:56:04 | 016,619,576 | ---- | M] (Tencent Inc.) -- D:\Program Files\Foxmail 7.0\Foxmail.exe
PRC - [2013/08/02 02:52:57 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2013/05/16 21:40:06 | 000,077,056 | ---- | M] (WordWeb Software) -- C:\Program Files\WordWeb\wweb32.exe
PRC - [2011/04/25 20:27:44 | 000,733,576 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files\EASEUS\Todo Backup\bin\TrayNotify.exe
PRC - [2011/04/22 18:26:18 | 000,069,000 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files\EASEUS\Todo Backup\bin\EuWatch.exe
PRC - [2011/04/22 18:26:18 | 000,056,200 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files\EASEUS\Todo Backup\bin\Agent.exe
PRC - [2010/11/20 23:29:20 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 23:29:12 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe
PRC - [2010/11/20 23:29:07 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
PRC - [2010/05/08 13:48:36 | 000,229,376 | ---- | M] () -- C:\ProgramData\DatacardService\DCService.exe
PRC - [2010/05/08 13:48:26 | 000,241,664 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/04/24 02:33:13 | 000,390,472 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\34.0.1847.131\ppgooglenaclpluginchrome.dll
MOD - [2014/04/24 02:33:12 | 013,692,232 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll
MOD - [2014/04/24 02:33:10 | 004,081,480 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\34.0.1847.131\pdf.dll
MOD - [2014/04/24 02:33:03 | 001,647,432 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\34.0.1847.131\ffmpegsumo.dll
MOD - [2014/04/24 02:33:01 | 000,065,352 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\34.0.1847.131\chrome_elf.dll
MOD - [2014/02/10 12:44:24 | 004,592,128 | ---- | M] () -- C:\Users\Clive\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libGLESv2.dll
MOD - [2014/02/10 12:44:24 | 000,112,128 | ---- | M] () -- C:\Users\Clive\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libEGL.dll
MOD - [2014/01/03 19:45:50 | 002,927,360 | ---- | M] () -- C:\Windows\wweb32.dll
MOD - [2013/08/07 11:32:50 | 000,097,848 | ---- | M] () -- D:\Program Files\Foxmail 7.0\Skin\TXScrollbar.dll
MOD - [2013/05/28 04:46:04 | 000,103,480 | ---- | M] () -- D:\Program Files\Foxmail 7.0\IE8DLL.dll
MOD - [2012/02/17 09:18:22 | 000,249,208 | ---- | M] () -- D:\Program Files\Foxmail 7.0\FMZip.dll
MOD - [2011/04/22 18:25:28 | 000,050,056 | ---- | M] () -- C:\Program Files\EASEUS\Todo Backup\bin\CodeLog.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2014/04/23 19:07:16 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2014/04/21 08:14:59 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2014/04/11 19:45:50 | 001,764,992 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe -- (c2cpnrsvc)
SRV - [2014/04/11 19:45:42 | 001,390,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe -- (c2cautoupdatesvc)
SRV - [2014/03/11 10:13:24 | 000,279,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2014/03/11 10:13:24 | 000,022,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/27 06:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/04/22 18:26:18 | 000,056,200 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Auto | Running] -- C:\Program Files\EASEUS\Todo Backup\bin\Agent.exe -- (EASEUS Agent)
SRV - [2010/05/08 13:48:36 | 000,229,376 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\DCService.exe -- (DCService.exe)
SRV - [2009/07/14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2014/03/11 09:52:30 | 000,104,264 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/22 18:26:12 | 000,037,256 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\EUBKMON.sys -- (EUBKMON)
DRV - [2011/04/22 18:26:10 | 000,021,896 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\eufs.sys -- (EUFS)
DRV - [2011/04/22 18:26:08 | 000,015,240 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\eudskacs.sys -- (EUDSKACS)
DRV - [2011/04/22 18:26:06 | 000,031,112 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\eubakup.sys -- (EUBAKUP)
DRV - [2011/04/22 18:26:04 | 000,188,808 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\eudisk.sys -- (EUDISK)
DRV - [2010/11/20 23:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 23:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 23:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010/11/20 23:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 23:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 23:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 23:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010/11/20 23:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 23:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/05/22 14:48:20 | 000,070,656 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2010/04/30 16:52:06 | 000,206,336 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2010/03/25 10:08:38 | 000,105,984 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2010/03/20 11:56:04 | 000,101,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2009/07/14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{7F200F68-673B-4A8C-B9AD-6D7B631FF9B4}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll (Tracker Software Products (Canada) Ltd.)
FF - HKCU\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll (Tracker Software Products (Canada) Ltd.)
 
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\wcapturex@deskperience.com: C:\Program Files\WordWeb\WCaptureMoz [2014/04/23 16:15:36 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: suggest_url = https://www.google.com/complete/search?q={searchTerms},
CHR - homepage: 
CHR - plugin: Error reading preferences file
 
O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O4 - HKLM..\Run: [EaseUs Tray] C:\Program Files\EASEUS\Todo Backup\bin\TrayNotify.exe (CHENGDU YIWO Tech Development Co., Ltd)
O4 - HKLM..\Run: [EaseUs Watch] C:\Program Files\EASEUS\Todo Backup\bin\EuWatch.exe (CHENGDU YIWO Tech Development Co., Ltd)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Foxmail] D:\Program Files\Foxmail 7.0\Foxmail.exe (Tencent Inc.)
O4 - HKCU..\Run: [WordWeb] C:\Program Files\WordWeb\wweb32.exe (WordWeb Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{02FEDAC6-B8DC-44A8-ADDC-F34ED7F850A7}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O24 - Desktop Components:0 () - file:///C:/DOCUME~1/clive/LOCALS~1/Temp/msohtml1/01/clip_image001.jpg
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/11/24 18:56:39 | 000,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/11/24 18:56:39 | 000,000,000 | R--D | M] - D:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/05/12 09:32:43 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/05/12 09:06:31 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/05/12 08:58:29 | 001,016,261 | ---- | C] (Thisisu) -- C:\Users\Clive\Desktop\JRT.exe
[2014/05/11 19:37:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
[2014/05/11 19:36:04 | 000,000,000 | ---D | C] -- C:\Users\Clive\AppData\Local\WinZip
[2014/05/11 19:34:55 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2014/05/11 19:34:38 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2014/05/08 22:24:03 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Clive\Desktop\OTL.exe
[2014/05/07 14:34:39 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\System32\sqlite3.dll
[2014/05/07 14:33:57 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/05/01 09:08:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Installations
[2014/04/23 16:27:48 | 000,000,000 | ---D | C] -- C:\Users\Clive\AppData\Local\Skype
[2014/04/23 16:26:36 | 000,000,000 | ---D | C] -- C:\Users\Clive\AppData\Roaming\Skype
[2014/04/23 16:25:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2014/04/23 16:25:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2014/04/23 16:25:21 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2014/04/23 16:24:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2014/04/23 16:15:35 | 000,000,000 | ---D | C] -- C:\Program Files\WordWeb
[2014/04/23 11:40:01 | 000,000,000 | ---D | C] -- C:\Users\Clive\AppData\Roaming\Tracker Software
[2014/04/23 11:18:37 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2014/04/23 11:18:37 | 000,000,000 | ---D | C] -- C:\Users\Clive\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2014/04/23 11:01:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF-XChange
[2014/04/23 11:00:56 | 000,000,000 | ---D | C] -- C:\Program Files\Tracker Software
[2014/04/23 10:59:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2014/04/23 06:32:40 | 000,000,000 | -HSD | C] -- C:\Users\Clive\UserData
[2014/04/22 07:50:13 | 000,000,000 | ---D | C] -- C:\Windows\System32\MRT
[2014/04/22 07:01:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cell C
[2014/04/22 06:59:25 | 000,167,936 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_juwwanecm.sys
[2014/04/22 06:59:25 | 000,070,656 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_jubusenum.sys
[2014/04/22 06:59:25 | 000,069,632 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_jucdcacm.sys
[2014/04/22 06:59:25 | 000,051,584 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_jucdcecm.sys
[2014/04/22 06:59:25 | 000,026,880 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_juextctrl.sys
[2014/04/22 06:59:01 | 000,206,336 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbnet.sys
[2014/04/22 06:59:01 | 000,105,984 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbmdm.sys
[2014/04/22 06:59:01 | 000,027,136 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\Windows\System32\drivers\ewdcsc.sys
[2014/04/22 06:59:01 | 000,011,136 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_usbenumfilter.sys
[2014/04/22 06:58:30 | 000,101,504 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_hwusbdev.sys
[2014/04/22 06:57:01 | 000,000,000 | ---D | C] -- C:\Program Files\Cell C
[2014/04/22 06:55:22 | 000,000,000 | ---D | C] -- C:\ProgramData\DatacardService
[2014/04/21 19:52:34 | 000,000,000 | ---D | C] -- C:\Users\Clive\AppData\Roaming\Adobe
[2014/04/21 19:45:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2014/04/21 19:42:39 | 000,000,000 | ---D | C] -- C:\Users\Clive\AppData\Local\Adobe
[2014/04/21 18:16:01 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2014/04/21 17:33:02 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2014/04/21 17:18:21 | 000,000,000 | ---D | C] -- C:\Windows.old
[2014/04/21 14:01:42 | 000,000,000 | ---D | C] -- C:\Users\Clive\AppData\Roaming\Foxmail7
[2014/04/21 13:58:30 | 000,000,000 | ---D | C] -- C:\Program Files\The weDownload Manager
[2014/04/21 13:27:04 | 000,000,000 | ---D | C] -- C:\Users\Clive\AppData\Roaming\Foxmail
[2014/04/21 13:26:41 | 000,000,000 | ---D | C] -- C:\Users\Clive\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Foxmail
[2014/04/21 13:26:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxmail
[2014/04/21 13:02:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2014/04/21 12:59:36 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2014/04/21 12:59:20 | 000,000,000 | ---D | C] -- C:\Users\Clive\AppData\Local\Google
[2014/04/21 12:58:47 | 000,000,000 | ---D | C] -- C:\Users\Clive\AppData\Local\Apps
[2014/04/21 12:58:46 | 000,000,000 | ---D | C] -- C:\Users\Clive\AppData\Local\Deployment
[2014/04/21 12:34:56 | 000,000,000 | ---D | C] -- C:\Users\Clive\Documents\OneNote Notebooks
[2014/04/21 12:17:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2014/04/21 12:14:16 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2014/04/21 12:13:29 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2014/04/21 12:13:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2014/04/21 12:12:46 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2014/04/21 12:12:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2014/04/21 12:12:46 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2014/04/21 12:10:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2005
[2014/04/21 12:10:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2014/04/21 12:09:17 | 000,000,000 | ---D | C] -- C:\Users\Clive\AppData\Local\Microsoft Help
[2014/04/21 12:09:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2014/04/21 11:52:11 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2014/04/21 11:49:51 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2014/04/21 11:41:38 | 000,000,000 | ---D | C] -- C:\Users\Clive\Desktop\office
[2014/04/21 11:30:37 | 000,188,808 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Windows\System32\drivers\eudisk.sys
[2014/04/21 11:30:36 | 000,021,896 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Windows\System32\drivers\eufs.sys
[2014/04/21 11:30:35 | 000,015,240 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Windows\System32\drivers\eudskacs.sys
[2014/04/21 11:30:33 | 000,031,112 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Windows\System32\drivers\eubakup.sys
[2014/04/21 11:30:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EASEUS Todo Backup Server 2.5
[2014/04/21 11:30:16 | 000,018,824 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Windows\System32\fbnative.exe
[2014/04/21 11:29:35 | 000,000,000 | ---D | C] -- C:\Program Files\EASEUS
[2014/04/21 11:25:52 | 000,000,000 | ---D | C] -- C:\Users\Clive\Desktop\VMware Workstation 10.0.1 Build 1379776
[2014/04/21 11:00:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2014/04/21 10:54:35 | 000,000,000 | ---D | C] -- C:\Users\Clive\AppData\Local\Apple Computer
[2014/04/21 10:49:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2014/04/21 08:35:30 | 000,000,000 | ---D | C] -- C:\Users\Clive\AppData\Local\MigWiz
[2014/04/21 08:28:49 | 000,000,000 | ---D | C] -- C:\Windows\System32\x64
[2014/04/21 08:24:13 | 000,000,000 | R--D | C] -- C:\Users\Clive\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2014/04/21 08:24:13 | 000,000,000 | R--D | C] -- C:\Users\Clive\Searches
[2014/04/21 08:24:13 | 000,000,000 | R--D | C] -- C:\Users\Clive\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2014/04/21 08:24:13 | 000,000,000 | -H-D | C] -- C:\Users\Clive\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2014/04/21 08:23:57 | 000,000,000 | ---D | C] -- C:\Users\Clive\AppData\Roaming\Identities
[2014/04/21 08:23:54 | 000,000,000 | R--D | C] -- C:\Users\Clive\Contacts
[2014/04/21 08:23:20 | 000,000,000 | ---D | C] -- C:\Users\Clive\AppData\Local\VirtualStore
[2014/04/21 08:16:03 | 000,000,000 | -HSD | C] -- C:\Users\Clive\AppData\Local\Temporary Internet Files
[2014/04/21 08:16:03 | 000,000,000 | -HSD | C] -- C:\Users\Clive\Templates
[2014/04/21 08:16:03 | 000,000,000 | -HSD | C] -- C:\Users\Clive\Start Menu
[2014/04/21 08:16:03 | 000,000,000 | -HSD | C] -- C:\Users\Clive\SendTo
[2014/04/21 08:16:03 | 000,000,000 | -HSD | C] -- C:\Users\Clive\Recent
[2014/04/21 08:16:03 | 000,000,000 | -HSD | C] -- C:\Users\Clive\NetHood
[2014/04/21 08:16:03 | 000,000,000 | -HSD | C] -- C:\Users\Clive\Documents\My Videos
[2014/04/21 08:16:03 | 000,000,000 | -HSD | C] -- C:\Users\Clive\Documents\My Pictures
[2014/04/21 08:16:03 | 000,000,000 | -HSD | C] -- C:\Users\Clive\Documents\My Music
[2014/04/21 08:16:03 | 000,000,000 | -HSD | C] -- C:\Users\Clive\Local Settings
[2014/04/21 08:16:03 | 000,000,000 | -HSD | C] -- C:\Users\Clive\AppData\Local\History
[2014/04/21 08:16:03 | 000,000,000 | -HSD | C] -- C:\Users\Clive\Cookies
[2014/04/21 08:16:03 | 000,000,000 | -HSD | C] -- C:\Users\Clive\Application Data
[2014/04/21 08:16:03 | 000,000,000 | -HSD | C] -- C:\Users\Clive\AppData\Local\Application Data
[2014/04/21 08:16:03 | 000,000,000 | -H-D | C] -- C:\Users\Clive\PrintHood
[2014/04/21 08:16:03 | 000,000,000 | ---D | C] -- C:\Users\Clive\My Documents
[2014/04/21 08:16:00 | 000,000,000 | --SD | C] -- C:\Users\Clive\AppData\Roaming\Microsoft
[2014/04/21 08:16:00 | 000,000,000 | R--D | C] -- C:\Users\Clive\Videos
[2014/04/21 08:16:00 | 000,000,000 | R--D | C] -- C:\Users\Clive\Saved Games
[2014/04/21 08:16:00 | 000,000,000 | R--D | C] -- C:\Users\Clive\Pictures
[2014/04/21 08:16:00 | 000,000,000 | R--D | C] -- C:\Users\Clive\Music
[2014/04/21 08:16:00 | 000,000,000 | R--D | C] -- C:\Users\Clive\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2014/04/21 08:16:00 | 000,000,000 | R--D | C] -- C:\Users\Clive\Links
[2014/04/21 08:16:00 | 000,000,000 | R--D | C] -- C:\Users\Clive\Favorites
[2014/04/21 08:16:00 | 000,000,000 | R--D | C] -- C:\Users\Clive\Downloads
[2014/04/21 08:16:00 | 000,000,000 | R--D | C] -- C:\Users\Clive\Desktop
[2014/04/21 08:16:00 | 000,000,000 | R--D | C] -- C:\Users\Clive\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2014/04/21 08:16:00 | 000,000,000 | -H-D | C] -- C:\Users\Clive\AppData
[2014/04/21 08:16:00 | 000,000,000 | ---D | C] -- C:\Users\Clive\AppData\Local\Temp
[2014/04/21 08:16:00 | 000,000,000 | ---D | C] -- C:\Users\Clive\AppData\Local\Microsoft
[2014/04/21 08:16:00 | 000,000,000 | ---D | C] -- C:\Users\Clive\AppData\Roaming\Media Center Programs
[2014/04/21 08:15:01 | 000,000,000 | ---D | C] -- C:\Windows\System32\Wat
[2014/04/21 08:12:09 | 000,000,000 | -HSD | C] -- C:\Recovery
[2014/04/21 07:39:24 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2014/04/21 07:37:00 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2014/04/20 17:31:03 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2014/04/20 15:52:20 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2014/04/20 15:49:49 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/04/20 15:48:39 | 005,195,329 | R--- | C] (Swearware) -- C:\Users\Clive\Desktop\ComboFix.exe
[2014/04/20 15:14:21 | 004,787,368 | ---- | C] (Piriform Ltd) -- C:\Users\Clive\Desktop\ccsetup412.exe
[2014/04/19 14:58:20 | 000,000,000 | -HSD | C] -- C:\BOOT
[2014/04/19 14:55:18 | 176,422,872 | ---- | C] (VMware, Inc.                                                   ) -- C:\Users\Clive\Desktop\VMware-converter-en-5.5.1-1682692.exe
[2014/04/19 14:54:50 | 187,233,808 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd                      ) -- C:\Users\Clive\Desktop\Easus Server 2.5 Backup.exe
 
========== Files - Modified Within 30 Days ==========
 
[2014/05/12 09:12:05 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/05/12 09:12:05 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/05/12 09:11:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/05/12 09:11:33 | 797,585,408 | -HS- | M] () -- C:\hiberfil.sys
[2014/05/12 09:10:38 | 000,020,656 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/05/12 09:10:38 | 000,020,656 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/05/12 09:03:06 | 000,004,419 | ---- | M] () -- C:\Users\Clive\Desktop\Instructs 2.rtf
[2014/05/12 08:57:45 | 001,016,261 | ---- | M] (Thisisu) -- C:\Users\Clive\Desktop\JRT.exe
[2014/05/11 19:46:10 | 000,024,076 | ---- | M] () -- C:\Users\Clive\Desktop\OTL.zip
[2014/05/11 19:37:05 | 000,002,283 | ---- | M] () -- C:\Users\Public\Desktop\WinZip.lnk
[2014/05/08 22:27:10 | 000,000,542 | ---- | M] () -- C:\Users\Clive\Desktop\clkfix.rtf
[2014/05/08 22:23:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Clive\Desktop\OTL.exe
[2014/05/08 14:21:51 | 000,619,642 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/05/08 14:21:51 | 000,107,792 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/04/30 07:22:54 | 000,002,135 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/04/26 08:42:50 | 000,007,630 | ---- | M] () -- C:\Users\Clive\AppData\Local\Resmon.ResmonCfg
[2014/04/23 19:07:37 | 000,016,284 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2014/04/23 16:25:28 | 000,002,685 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2014/04/23 11:18:38 | 000,001,228 | ---- | M] () -- C:\Users\Clive\Desktop\Revo Uninstaller.lnk
[2014/04/23 11:01:26 | 000,001,048 | ---- | M] () -- C:\Users\Public\Desktop\PDF-XChange Editor.lnk
[2014/04/23 06:32:59 | 000,002,231 | ---- | M] () -- C:\Users\Clive\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/04/23 05:49:53 | 000,409,752 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/04/22 07:29:21 | 000,000,134 | ---- | M] () -- C:\Users\Clive\Desktop\Internet Explorer Troubleshooting.url
[2014/04/22 07:01:32 | 000,000,943 | ---- | M] () -- C:\Users\Public\Desktop\Cell C.lnk
[2014/04/22 07:00:33 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ew_jubusenum_01009.Wdf
[2014/04/21 18:16:46 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2014/04/21 17:32:49 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2014/04/21 14:53:12 | 000,000,803 | ---- | M] () -- C:\Users\Clive\Desktop\capture.exe.lnk
[2014/04/21 14:00:47 | 000,000,704 | ---- | M] () -- C:\Users\Public\Desktop\Foxmail.lnk
[2014/04/21 14:00:47 | 000,000,704 | ---- | M] () -- C:\Users\Clive\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxmail.lnk
[2014/04/21 12:56:09 | 000,001,413 | ---- | M] () -- C:\Users\Clive\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/04/21 12:34:55 | 000,001,282 | ---- | M] () -- C:\Users\Clive\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2014/04/21 11:30:52 | 000,194,748 | -HS- | M] () -- C:\EASEUSLD.LDR
[2014/04/21 11:30:23 | 000,002,077 | ---- | M] () -- C:\Users\Public\Desktop\EASEUS Todo Backup Server 2.5.lnk
[2014/04/21 11:25:41 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2014/04/21 11:09:07 | 000,000,689 | ---- | M] () -- C:\Users\Clive\Desktop\My Documents - Shortcut.lnk
[2014/04/21 11:01:50 | 000,025,580 | ---- | M] () -- C:\Windows\System32\emptyregdb.dat
[2014/04/21 07:48:31 | 000,122,093 | ---- | M] () -- C:\Windows\System32\license.rtf
[2014/04/21 07:48:30 | 000,000,197 | RHS- | M] () -- C:\boot.ini
[2014/04/21 07:41:18 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WUDFUsbccidDriver_01_09_00.Wdf
[2014/04/20 17:36:08 | 000,001,024 | ---- | M] () -- C:\.rnd
[2014/04/20 15:52:30 | 000,000,327 | RHS- | M] () -- C:\Boot.ini.saved
[2014/04/20 15:47:36 | 005,195,329 | R--- | M] (Swearware) -- C:\Users\Clive\Desktop\ComboFix.exe
[2014/04/20 15:11:10 | 004,787,368 | ---- | M] (Piriform Ltd) -- C:\Users\Clive\Desktop\ccsetup412.exe
[2014/04/19 16:15:00 | 000,004,096 | -HS- | M] () -- C:\{A101088E-97B1-4414-8951-284DD07B54A7}.CBM
[2014/04/19 15:34:51 | 000,369,152 | -HS- | M] () -- C:\EUMONBMP.SYS
[2014/04/19 10:41:10 | 176,422,872 | ---- | M] (VMware, Inc.                                                   ) -- C:\Users\Clive\Desktop\VMware-converter-en-5.5.1-1682692.exe
[2014/04/19 09:55:28 | 000,558,982 | ---- | M] () -- C:\Users\Clive\Desktop\Winning questions.bmp
[2014/04/17 14:20:16 | 000,678,582 | ---- | M] () -- C:\Users\Clive\Desktop\e-tag error.bmp
[2014/04/16 15:26:27 | 001,650,094 | ---- | M] () -- C:\Users\Clive\Desktop\Portfolio Boss.bmp
 
========== Files Created - No Company Name ==========
 
[2014/05/12 09:03:05 | 000,004,419 | ---- | C] () -- C:\Users\Clive\Desktop\Instructs 2.rtf
[2014/05/11 19:48:25 | 000,024,076 | ---- | C] () -- C:\Users\Clive\Desktop\OTL.zip
[2014/05/11 19:37:05 | 000,002,283 | ---- | C] () -- C:\Users\Public\Desktop\WinZip.lnk
[2014/05/08 22:27:10 | 000,000,542 | ---- | C] () -- C:\Users\Clive\Desktop\clkfix.rtf
[2014/04/26 08:42:50 | 000,007,630 | ---- | C] () -- C:\Users\Clive\AppData\Local\Resmon.ResmonCfg
[2014/04/23 19:07:37 | 000,016,284 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2014/04/23 16:25:27 | 000,002,685 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2014/04/23 16:15:45 | 000,001,900 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WordWeb.lnk
[2014/04/23 16:15:36 | 002,927,360 | ---- | C] () -- C:\Windows\wweb32.dll
[2014/04/23 11:18:38 | 000,001,228 | ---- | C] () -- C:\Users\Clive\Desktop\Revo Uninstaller.lnk
[2014/04/23 11:01:26 | 000,001,048 | ---- | C] () -- C:\Users\Public\Desktop\PDF-XChange Editor.lnk
[2014/04/22 07:29:20 | 000,000,134 | ---- | C] () -- C:\Users\Clive\Desktop\Internet Explorer Troubleshooting.url
[2014/04/22 07:01:32 | 000,000,943 | ---- | C] () -- C:\Users\Public\Desktop\Cell C.lnk
[2014/04/22 07:00:33 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ew_jubusenum_01009.Wdf
[2014/04/22 06:07:36 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2014/04/21 18:16:33 | 000,002,123 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2014/04/21 18:15:12 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2014/04/21 17:32:49 | 000,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK
[2014/04/21 17:32:44 | 000,383,786 | RHS- | C] () -- C:\bootmgr
[2014/04/21 14:52:39 | 000,000,803 | ---- | C] () -- C:\Users\Clive\Desktop\capture.exe.lnk
[2014/04/21 14:00:47 | 000,000,704 | ---- | C] () -- C:\Users\Public\Desktop\Foxmail.lnk
[2014/04/21 13:26:40 | 000,000,704 | ---- | C] () -- C:\Users\Clive\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxmail.lnk
[2014/04/21 13:02:00 | 000,002,231 | ---- | C] () -- C:\Users\Clive\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/04/21 13:02:00 | 000,002,135 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/04/21 12:59:56 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/04/21 12:59:52 | 000,000,880 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/04/21 12:56:09 | 000,001,413 | ---- | C] () -- C:\Users\Clive\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/04/21 12:34:55 | 000,001,282 | ---- | C] () -- C:\Users\Clive\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2014/04/21 11:30:33 | 000,037,256 | ---- | C] () -- C:\Windows\System32\drivers\EUBKMON.sys
[2014/04/21 11:30:23 | 000,002,077 | ---- | C] () -- C:\Users\Public\Desktop\EASEUS Todo Backup Server 2.5.lnk
[2014/04/21 11:25:41 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2014/04/21 11:09:07 | 000,000,689 | ---- | C] () -- C:\Users\Clive\Desktop\My Documents - Shortcut.lnk
[2014/04/21 11:01:51 | 000,025,580 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2014/04/21 08:24:16 | 000,001,419 | ---- | C] () -- C:\Users\Clive\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2014/04/21 08:16:00 | 000,000,290 | ---- | C] () -- C:\Users\Clive\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2014/04/21 08:16:00 | 000,000,272 | ---- | C] () -- C:\Users\Clive\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2014/04/21 07:47:54 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2014/04/21 07:47:34 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2014/04/21 07:41:18 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WUDFUsbccidDriver_01_09_00.Wdf
[2014/04/21 07:34:05 | 797,585,408 | -HS- | C] () -- C:\hiberfil.sys
[2014/04/20 15:52:30 | 000,000,210 | ---- | C] () -- C:\Boot.bak
[2014/04/20 15:52:23 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2014/04/20 13:40:24 | 000,001,024 | ---- | C] () -- C:\.rnd
[2014/04/19 16:15:00 | 000,004,096 | -HS- | C] () -- C:\{A101088E-97B1-4414-8951-284DD07B54A7}.CBM
[2014/04/19 14:58:19 | 000,194,748 | -HS- | C] () -- C:\EASEUSLD.LDR
[2014/04/19 09:55:28 | 000,558,982 | ---- | C] () -- C:\Users\Clive\Desktop\Winning questions.bmp
[2014/04/17 14:20:16 | 000,678,582 | ---- | C] () -- C:\Users\Clive\Desktop\e-tag error.bmp
[2014/04/16 15:26:27 | 001,650,094 | ---- | C] () -- C:\Users\Clive\Desktop\Portfolio Boss.bmp
[2013/12/27 16:25:14 | 000,000,008 | RH-- | C] () -- C:\Users\Clive\hwid
[2007/07/28 19:01:21 | 000,000,042 | ---- | C] () -- C:\Users\Clive\default.pls
 
========== ZeroAccess Check ==========
 
[2009/07/14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 03:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2014/04/21 13:29:15 | 000,000,000 | ---D | M] -- C:\Users\Clive\AppData\Roaming\Foxmail
[2014/05/12 09:33:25 | 000,000,000 | ---D | M] -- C:\Users\Clive\AppData\Roaming\Foxmail7
[2014/04/23 11:40:01 | 000,000,000 | ---D | M] -- C:\Users\Clive\AppData\Roaming\Tracker Software
 
========== Purity Check ==========
 
 
 
< End of report >
 

#15 canorton

canorton
  • Topic Starter

  • Members
  • 24 posts
  • Local time:02:23 PM

Posted 12 May 2014 - 08:00 AM

Hi Mach

Sorry, when I first got your instructions I copied them off the e-mail but I somehow missed the first step (uninstall weDownload Manager). So I have now done step 1 and gone through step 2 again. Would it make a huge difference if I did not run OTL as an administrator? (I forgot that and simply double-clicked on it.) Anyway, here is the latest log again:

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
HKU\S-1-5-21-1661148196-2800640247-463694396-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\S-1-5-21-1661148196-2800640247-463694396-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1661148196-2800640247-463694396-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\haywardsafaris.com\www\ not found.
Registry key HKEY_USERS\S-1-5-21-1661148196-2800640247-463694396-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\rising.com.cn\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e0069307-c937-11e3-a86a-0016419d9d75}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e0069307-c937-11e3-a86a-0016419d9d75}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e0069307-c937-11e3-a86a-0016419d9d75}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e0069307-c937-11e3-a86a-0016419d9d75}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e00693bb-c937-11e3-a86a-0016419d9d75}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e00693bb-c937-11e3-a86a-0016419d9d75}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e00693bb-c937-11e3-a86a-0016419d9d75}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e00693bb-c937-11e3-a86a-0016419d9d75}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File F:\AutoRun.exe not found.
File C:\Users\Clive\e3c7f55r3.exe not found.
File C:\Users\Clive\t3p3y74w6.exe not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: All Users
 
User: Clive
->Temp folder emptied: 1794989 bytes
->Temporary Internet Files folder emptied: 2742274 bytes
->Google Chrome cache emptied: 67663770 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 525720 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 69.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 05122014_143256
 
Files\Folders moved on Reboot...
File\Folder C:\Users\Clive\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRC0000.tmp not found!
File\Folder C:\Users\Clive\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{D1EF2B8E-8DD4-413C-8365-28CF3B8315FA}.tmp not found!
File\Folder C:\Users\Clive\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{F5F9BDC6-4C17-4985-B947-29FF889DDC1B}.tmp not found!
File move failed. C:\Windows\temp\Low\SkypeClickToCall\Logs\AutoUpdateSvc.log scheduled to be moved on reboot.
File\Folder C:\Windows\temp\TMP00000003F1A5324BDC97DE15 not found!
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...
 
I will now proceed to Step 3, JRT.
By the way, back to your last question: after uninstalling weDownload Manager and rebooting, my PC became VERY slow and I was then unable to open Wordpad files (which is where I save your instructions). We will see...
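The OTL log above records three kinds of change: the Internet Explorer proxy values (ProxyServer, ProxyOverride) under the user's Internet Settings key were reset, the per-volume MountPoints2 entries that pointed at F:\AutoRun.exe were removed, and the gopher entry in the URL Prefixes table was restored. A reader following a similar fix will want to confirm afterwards that those settings really are clean. The following PowerShell is an added example written for this purpose; it is not part of the thread and is not OTL's own code. It assumes a Windows 7-era layout of those registry keys and should be run from an elevated PowerShell prompt so the HKLM read is not denied.

```powershell
# Added example (not from the thread or from OTL): re-read the settings the OTL log
# reports fixing, so the reader can confirm a comparable fix actually took effect.
# Assumes the standard locations of these keys; run elevated for the HKLM read.

$inet  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$props = Get-ItemProperty -Path $inet -ErrorAction SilentlyContinue

# 1. Proxy settings. A ProxyServer you did not configure, an AutoConfigURL, or a
#    ProxyOverride listing hosts you do not recognise means browser traffic is still
#    being steered through something other than the network you expect.
'ProxyEnable', 'ProxyServer', 'ProxyOverride', 'AutoConfigURL' | ForEach-Object {
    $value = $props.$_
    if ($null -eq $value) { "$_ : <not set>" } else { "$_ : $value" }
}

# 2. MountPoints2 holds one entry per removable volume the user has plugged in.
#    An entry whose Shell\AutoRun\command names an executable on the drive (the
#    log above mentions F:\AutoRun.exe) is the kind of item OTL removed; after a
#    clean-up this loop should print nothing.
$mp = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
Get-ChildItem -Path $mp -ErrorAction SilentlyContinue | ForEach-Object {
    $cmdKey = Join-Path $_.PSPath 'Shell\AutoRun\command'
    if (Test-Path $cmdKey) {
        $cmd = (Get-ItemProperty -Path $cmdKey).'(default)'
        '{0} -> AutoRun command: {1}' -f $_.PSChildName, $cmd
    }
}

# 3. The URL Prefixes table maps a bare scheme name to its full prefix; the log shows
#    OTL setting gopher back to "gopher://". A missing or altered entry here is worth
#    noting in the same report.
$prefixes = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes'
$gopher   = (Get-ItemProperty -Path $prefixes -ErrorAction SilentlyContinue).gopher
"URL prefix gopher : $gopher"
```

On a machine where the fix took effect, the proxy lines show either nothing set or the values the user deliberately configured, the MountPoints2 loop prints no AutoRun commands, and the gopher prefix reads "gopher://". Anything else is worth pasting into the next reply for the helper to look at.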




