
Hijack.NoFolderOption System Infected HELP


  • This topic is locked

#91
RKinner
    Malware Expert
  • Expert
  • 24,625 posts
  • MVP
This may be a good thing - if it lets us fix it. Run regedit again and right click on HKEY_USERS and select Permissions. There should be 4 users: Everyone, Restricted, System and Administrators. If you click on the first one and look in the lower pane you should see only Read checked in the Allow column. Same thing with Restricted. The other two should each have Full Control and Read checked. Do they?
  • 0



#92
Jayli
    Member
  • Topic Starter
  • Member
  • 98 posts
You are correct. Boxes are checked exactly as you stated. I was online doing research about Permissions too. I did notice that in the registry I can create a NEW Key in Classes Root, Current User and Current Config. I was also reading about Local Security Policy, but once again it's over my head.

A site I saw said that perhaps my User acct is corrupt and to create a new one. I did with Admin rights and I even added a password. Didn't help. I'm ready when you are. Thanks.
  • 0

#93
RKinner
    Malware Expert
  • Expert
  • 24,625 posts
  • MVP
Guess we are barking up the wrong tree here. Tried to create a key on mine and it balked so that's normal.

Look in
HKEY_USERS\S-1-5-21-69476175-3800389733-3272593679-1003\Volatile Environment

Do you see AppData on the right? It should have a value of C:\Users\YourUserName\AppData\Roaming. It's a String Value in case you need to create it.
  • 0

#94
Jayli
    Member
  • Topic Starter
  • Member
  • 98 posts
No, it's not there. Under Volatile Environment is a subfolder named 1.
Inside the Volatile Folder itself are the following:
Default REG_SZ (value not set)
HOMEDRIVE REG_SZ C:
HOMEPATH REG_SZ \Users\Lisette Miller
LOGONSERVER REG_SZ \\LISETTEMILLER
USERDOMAIN REG_SZ LisetteMiller
USERNAME REG_SZ LisetteMiller
USERPROFILE REG_SZ C:\Users\Lisette Miller

Inside the 1 folder is:

(Default) REG_SZ (value not set)
CLIENTNAME REG_SZ nothing
SESSIONNAME REG_SZ Console


I see that same SessionInfo & "1" folder in HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1

This is something we looked at before. An ADVANCED folder should be where that SessionInfo folder is.

FYI, even though I used the AVG UN-Installer, it's still in my registry in places. I can see it with enum\legacy files when I run the AVG Uninstaller with CMD prompt. Looking on the net, some people claim some enum\legacy files are viruses...something to do with Windows Ultra Antivirus. Lots of different stories out there. Anyway, I've also seen a program called Rootkit Unhooker. Anything good about it?

Next, I have a Guest Acct that also says Administrator that was already created before I bought this laptop. I just turned it on and rebooted, then attempted to log on and it wouldn't let me. It just logged on, then logged off within 10 seconds or so. When I previously created another user acct with standard privileges, it did the same thing. Should we log into the Default or System Admin account or is that too dangerous? Is the Local Security not allowing the registry to be changed? I know this is a pain, but I really appreciate your help. Thanks.
  • 0

#95
RKinner
    Malware Expert
  • Expert
  • 24,625 posts
  • MVP
Use regedit and go to the entry that looks like this:

HKEY_USERS\S-1-5-21-69476175-3800389733-3272593679-1003\

Right click on it and Export it (call it user) to your desktop. If the file is not too big, attach it to your next post. (If the forum complains you can zip it up or rename it from user.reg to user.txt). If it's too big attach it to an email.
  • 0

#96
Jayli
    Member
  • Topic Starter
  • Member
  • 98 posts
User file is 4.66 MB. I .rar'd it so now it's attached. Thanks.

Attached Files

  • User.rar (192.16 KB, 114 downloads)

  • 0

#97
RKinner
    Malware Expert
  • Expert
  • 24,625 posts
  • MVP
I don't know if this will work but let's give it a try. Download the attached newUser.txt file, right click on it and rename it to newUser.reg. OK. Then right click on it and Merge. Does it accept it or tell you that you can't do it?
  • 0

#98
Jayli
    Member
  • Topic Starter
  • Member
  • 98 posts
Downloaded, did a save as, dropped the menu down to "All files" and changed the extension to .reg. Still saved it as a txt file. Tried to rename it to .reg, but didn't work. Downloaded as .txt, then tried to rename to .reg, but didn't work. Thanks.


**** Opened it, then did a Save As and it worked. Merged Ok. Thanks.

Edited by Jayli, 14 October 2012 - 12:08 PM.

  • 0

#99
RKinner
    Malware Expert
  • Expert
  • 24,625 posts
  • MVP
Reboot and then Export the same key again and attach it to your next post. I want to see how much of it took.
  • 0

#100
Jayli
    Member
  • Topic Starter
  • Member
  • 98 posts
Here it is User1001.rar. Thanks.

Attached Files


  • 0



#101
Jayli
    Member
  • Topic Starter
  • Member
  • 98 posts
Hello Ron. Previous to running the MERGE on the reg file you sent me, I ran a program called Tweaking Windows Repair. I found information about this program being used on this forum and felt it could be trusted. After running it, I can now see all users in the Local Disk (C:). I now have Administrator(with padlock symbol on the folder), Default, Jayli, Lisette Miller, Public, SYS and TESTAdmin(with padlock symbol on the folder). Is this too many Users? I can only access the Jayli, Lisette Miller & TESTAdmin.

Looking through the registry, I've found some PC-Doctor references. Looks like a previously installed program. Delete?

I also found this script on The Best problem solver. It adds a Hide / Unhide to the context menu.
[...] How to Create Hide and Unhide Files in Context Menu [...]
What do you think?

Thanks.
  • 0

#102
Jayli
    Member
  • Topic Starter
  • Member
  • 98 posts
Hello Ron. Not too much movement on this post in a few days, so I ran another OTL report. Perhaps you can take a look at it and let me know if we can proceed with this or not. As you'll see, I've been trying to clean up the registry and trying different things to research the problem. Thanks.

OTL logfile created on: 10/19/2012 6:27:14 AM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Lisette Miller\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.84 Gb Available Physical Memory | 42.00% Memory free
4.00 Gb Paging File | 2.91 Gb Available in Paging File | 72.71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.43 Gb Total Space | 38.93 Gb Free Space | 52.30% Space Free | Partition Type: NTFS

Computer Name: LISETTEMILLER | User Name: Lisette Miller | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/19 02:31:33 | 000,105,832 | ---- | M] (SurfRight B.V.) -- C:\Program Files\HitmanPro\hmpsched.exe
PRC - [2012/10/17 23:50:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lisette Miller\Desktop\OTL.exe
PRC - [2012/10/13 01:12:49 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/10/01 20:41:14 | 001,807,280 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe
PRC - [2012/09/20 15:03:20 | 001,236,368 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
PRC - [2012/08/21 05:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/08/21 05:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/12/19 13:20:06 | 003,289,032 | ---- | M] (GFI Software) -- C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
PRC - [2011/10/12 08:38:38 | 000,077,824 | ---- | M] (SA International) -- C:\Windows\System32\SAiDownloaderVista.exe
PRC - [2011/10/12 08:28:36 | 000,065,536 | ---- | M] (SA International) -- C:\Windows\System32\SAiAdmin.exe
PRC - [2011/05/27 01:03:02 | 000,374,304 | ---- | M] (SafeNet, Inc.) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
PRC - [2010/10/25 18:13:42 | 000,821,144 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2010/04/12 04:40:16 | 000,180,224 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files\PowerISO\PWRISOVM.EXE
PRC - [2009/07/13 21:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\Explorer.EXE
PRC - [2007/12/19 15:58:32 | 000,086,016 | R--- | M] (SA International) -- C:\Windows\System32\SAiLicSvr.exe


========== Modules (No Company Name) ==========

MOD - [2012/10/13 01:12:47 | 002,294,240 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/10/01 20:41:14 | 009,813,424 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_4_402_278.dll
MOD - [2009/08/16 20:06:02 | 000,141,312 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (MSDTC)
SRV - [2012/10/19 02:31:33 | 000,105,832 | ---- | M] (SurfRight B.V.) [Auto | Running] -- C:\Program Files\HitmanPro\hmpsched.exe -- (HitmanProScheduler)
SRV - [2012/10/13 01:12:48 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/20 15:03:20 | 001,236,368 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)
SRV - [2012/08/30 20:01:05 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/08/21 05:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/12/19 13:20:06 | 003,289,032 | ---- | M] (GFI Software) [Auto | Running] -- C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe -- (SBAMSvc)
SRV - [2011/10/12 08:38:38 | 000,077,824 | ---- | M] (SA International) [Auto | Running] -- C:\Windows\System32\SAiDownloaderVista.exe -- (SAiDownloaderVista)
SRV - [2011/10/12 08:28:36 | 000,065,536 | ---- | M] (SA International) [Auto | Running] -- C:\Windows\System32\SAiAdmin.exe -- (SAiAdmin)
SRV - [2011/05/27 01:03:02 | 000,374,304 | ---- | M] (SafeNet, Inc.) [Auto | Running] -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe -- (SentinelKeysServer)
SRV - [2010/09/03 02:45:02 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.1.121\McCHSvc.exe -- (McComponentHostService)
SRV - [2010/02/19 16:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/10/20 14:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/10/31 16:33:46 | 000,276,480 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Auto | Running] -- C:\Program Files\UPHClean\uphclean.dll -- (UPHClean)
SRV - [2007/12/19 15:58:32 | 000,086,016 | R--- | M] (SA International) [Auto | Running] -- C:\Windows\System32\SAiLicSvr.exe -- (SAiLicSvr)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\LISETT~1\AppData\Local\Temp\fgdcyuog.sys -- (fgdcyuog)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\LISETT~1\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012/08/21 05:13:15 | 000,729,752 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/08/21 05:13:15 | 000,355,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/08/21 05:13:15 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/08/21 05:13:14 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/08/21 05:13:14 | 000,044,784 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2012/08/21 05:13:13 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/12/19 12:44:24 | 000,093,816 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sbhips.sys -- (sbhips)
DRV - [2011/11/29 06:59:52 | 000,077,816 | ---- | M] (GFI Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\sbapifs.sys -- (sbapifs)
DRV - [2011/10/26 14:23:40 | 000,101,112 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2011/05/27 07:05:08 | 000,041,896 | ---- | M] (SafeNet, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SNTNLUSB.SYS -- (SNTNLUSB)
DRV - [2011/03/18 09:46:26 | 000,061,704 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2011/03/18 09:46:10 | 000,073,096 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2010/04/12 04:44:34 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2009/10/20 14:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2009/07/13 21:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009/07/13 21:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 21:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009/07/13 19:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 19:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 19:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 18:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 63 7E 26 0C F1 A6 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2012/10/01 18:13:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/10/13 16:09:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/10/01 20:22:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/18 02:55:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/09/30 11:23:15 | 000,000,000 | ---D | M] (No name found) -- \mozilla\Firefox\extensions
[2012/09/30 11:23:15 | 000,000,000 | ---D | M] (No name found) -- \mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}
[2012/10/13 01:12:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/10/13 01:12:49 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/09/05 21:26:22 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/10/13 01:12:45 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/10/17 19:08:08 | 000,000,855 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutoUpdate = 1
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{35048641-5242-4676-B360-E7CF5876E6E2}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/19 02:31:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
[2012/10/19 01:26:41 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2012/10/19 01:00:43 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/10/19 00:41:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2012/10/19 00:38:43 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2012/10/19 00:38:40 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2012/10/18 02:56:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
[2012/10/18 02:56:30 | 000,093,816 | ---- | C] (GFI Software) -- C:\Windows\System32\drivers\sbhips.sys
[2012/10/18 02:56:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2012/10/18 02:56:29 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\VDD
[2012/10/18 02:56:29 | 000,000,000 | ---D | C] -- C:\Program Files\Ad-Aware Antivirus
[2012/10/18 02:55:54 | 000,000,000 | ---D | C] -- C:\ProgramData\blekko toolbars
[2012/10/18 02:55:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2012/10/18 02:55:51 | 000,000,000 | ---D | C] -- C:\Program Files\adawaretb
[2012/10/18 02:55:50 | 000,000,000 | ---D | C] -- C:\Program Files\Toolbar Cleaner
[2012/10/17 19:14:09 | 000,000,000 | ---D | C] -- C:\Windows\System32\catroot2
[2012/10/17 19:11:08 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012/10/17 18:02:05 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/10/17 16:41:12 | 000,000,000 | ---D | C] -- C:\Program Files\UPHClean
[2012/10/16 01:11:09 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2012/10/16 01:00:48 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2012/10/16 01:00:12 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012/10/15 23:04:49 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
[2012/10/14 06:24:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlimCleaner
[2012/10/14 06:24:02 | 000,000,000 | ---D | C] -- C:\Program Files\SlimCleaner
[2012/10/14 06:23:59 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Downloaded Installers
[2012/10/14 03:58:45 | 000,000,000 | ---D | C] -- C:\RegBackup
[2012/10/14 03:58:45 | 000,000,000 | ---D | C] -- \RegBackup
[2012/10/14 03:37:09 | 000,000,000 | ---D | C] -- C:\Tweaking.com_Windows_Repair_Logs
[2012/10/14 03:37:09 | 000,000,000 | ---D | C] -- \Tweaking.com_Windows_Repair_Logs
[2012/10/14 03:37:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2012/10/14 03:36:59 | 000,000,000 | ---D | C] -- C:\Program Files\Tweaking.com
[2012/10/14 03:30:09 | 000,181,064 | ---- | C] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2012/10/13 16:08:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle ES2
[2012/10/13 02:56:59 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs
[2012/10/13 01:12:38 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/10/12 03:32:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
[2012/10/12 03:32:16 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2012/10/12 01:11:58 | 000,000,000 | ---D | C] -- C:\ProgramData\AVSoftware
[2012/10/11 23:38:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/10/11 23:38:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/10/11 23:38:06 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012/10/09 14:32:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinDirStat
[2012/10/09 14:32:02 | 000,000,000 | ---D | C] -- C:\Program Files\WinDirStat
[2012/10/09 00:21:52 | 000,000,000 | ---D | C] -- C:\Program Files\RRTFolder
[2012/10/08 20:11:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/10/08 20:11:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/10/08 20:11:06 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/10/08 20:11:06 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/10/08 16:13:53 | 000,000,000 | ---D | C] -- C:\ProgramData\PCDr
[2012/10/08 16:13:09 | 000,000,000 | ---D | C] -- C:\Program Files\Dell Support Center
[2012/10/08 16:11:20 | 000,000,000 | ---D | C] -- C:\temp
[2012/10/08 16:11:20 | 000,000,000 | ---D | C] -- \temp
[2012/10/08 04:07:05 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/10/06 17:21:06 | 000,000,000 | ---D | C] -- C:\Windows\PIF
[2012/10/05 13:46:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Product Key Finder
[2012/10/05 13:46:47 | 000,000,000 | ---D | C] -- C:\Program Files\Product Key Finder
[2012/10/05 02:21:38 | 000,000,000 | ---D | C] -- C:\Program Files\Belarc
[2012/10/04 02:06:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pandora Recovery
[2012/10/04 02:06:21 | 000,000,000 | ---D | C] -- C:\Program Files\Pandora Recovery
[2012/10/03 19:13:06 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Resource Kits
[2012/10/03 07:12:55 | 000,000,000 | ---D | C] -- C:\RegBack
[2012/10/03 07:12:55 | 000,000,000 | ---D | C] -- \RegBack
[2012/10/01 20:23:34 | 000,021,256 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012/10/01 20:23:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/10/01 20:23:33 | 000,355,632 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012/10/01 20:23:27 | 000,044,784 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2012/10/01 20:23:24 | 000,054,232 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012/10/01 20:23:21 | 000,729,752 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012/10/01 20:23:11 | 000,058,680 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012/10/01 20:22:17 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/10/01 20:22:16 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012/10/01 20:13:40 | 000,000,000 | ---D | C] -- C:\Windows\System32\MFAData
[2012/09/30 11:56:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Trojan Killer
[2012/09/30 11:56:40 | 000,000,000 | ---D | C] -- C:\Program Files\GridinSoft Trojan Killer
[2012/09/30 11:23:15 | 000,000,000 | ---D | C] -- C:\Mozilla
[2012/09/30 11:23:15 | 000,000,000 | ---D | C] -- \Mozilla
[2012/09/30 11:11:59 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2012/09/30 10:31:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/09/30 04:16:25 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/09/30 04:16:25 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/09/30 02:02:14 | 000,000,000 | ---D | C] -- C:\RRTVAULT
[2012/09/30 02:02:14 | 000,000,000 | ---D | C] -- \RRTVAULT
[2012/09/25 21:34:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/09/24 19:10:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/09/24 19:07:23 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012/09/24 19:07:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012/09/24 19:07:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/09/24 19:06:16 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/09/24 19:05:07 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012/09/24 16:41:47 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/09/24 16:35:24 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/09/24 16:35:24 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/09/24 16:35:24 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/09/24 16:35:05 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/09/24 16:35:05 | 000,000,000 | ---D | C] -- \Qoobox
[2012/09/24 16:34:43 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/09/24 11:57:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/09/23 19:52:12 | 000,086,016 | R--- | C] (SA International) -- C:\Windows\System32\SAiLicSvr.exe
[2012/09/23 19:51:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SafeNet Sentinel
[2012/09/23 19:50:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SignWarehouse
[2012/09/23 19:48:43 | 000,077,824 | ---- | C] (SA International) -- C:\Windows\System32\SAiDownloaderVista.exe
[2012/09/23 19:48:43 | 000,065,536 | ---- | C] (SA International) -- C:\Windows\System32\SAiAdmin.exe
[2012/09/23 19:48:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SAi
[2012/09/23 19:47:06 | 000,000,000 | ---D | C] -- C:\Program Files\SignWarehouse
[2012/09/23 19:47:05 | 000,014,336 | R--- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\System32\HotFldrUI.dll
[2012/09/22 01:28:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/09/22 01:28:36 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/09/21 17:09:59 | 000,000,000 | ---D | C] -- C:\Windows\System32\%LOCALAPPDATA%

========== Files - Modified Within 30 Days ==========

[2012/10/19 02:47:17 | 000,015,840 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/19 02:47:17 | 000,015,840 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/19 02:46:51 | 000,618,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/10/19 02:46:51 | 000,104,546 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/10/19 02:42:04 | 000,067,584 | ---- | M] () -- C:\Windows\bootstat.dat
[2012/10/19 02:41:59 | 1609,015,296 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/19 02:31:33 | 000,001,893 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2012/10/18 03:01:44 | 000,001,826 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2012/10/17 19:13:52 | 003,775,488 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/10/17 19:11:56 | 000,181,064 | ---- | M] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2012/10/17 19:08:08 | 000,000,855 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/10/17 18:02:06 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/10/17 13:39:32 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts_bak_793
[2012/10/17 03:51:41 | 000,000,000 | ---- | M] () -- C:\Windows\System32\edit
[2012/10/16 03:47:39 | 000,000,726 | R--- | M] () -- C:\ProgramData\ntuser.pol
[2012/10/16 01:11:09 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2012/10/15 23:04:49 | 000,001,795 | ---- | M] () -- C:\Users\Public\Desktop\Recuva.lnk
[2012/10/14 06:24:03 | 000,002,455 | ---- | M] () -- C:\Users\Public\Desktop\SlimCleaner.lnk
[2012/10/14 03:59:18 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-LISETTEMILLER-Microsoft-Windows-7-Ultimate-(32-bit).dat
[2012/10/14 03:37:00 | 000,002,233 | ---- | M] () -- C:\Users\Public\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2012/10/11 21:17:46 | 000,001,382 | R--- | M] () -- C:\Users\Lisette Miller\ntuser.pol
[2012/10/08 21:08:07 | 000,000,000 | R--- | M] () -- C:\MSDOS.SYS
[2012/10/08 21:08:07 | 000,000,000 | R--- | M] () -- C:\IO.SYS
[2012/10/08 20:11:07 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/07 02:38:51 | 001,150,763 | ---- | M] () -- C:\junk3.rar
[2012/10/06 17:21:07 | 000,002,853 | ---- | M] () -- C:\Windows\System32\COMMAND.PIF
[2012/10/05 13:46:47 | 000,001,095 | ---- | M] () -- C:\Users\Public\Desktop\Product Key Finder.lnk
[2012/10/05 02:21:39 | 000,002,010 | ---- | M] () -- C:\Users\Public\Desktop\Belarc Advisor.lnk
[2012/10/04 10:27:26 | 000,001,952 | ---- | M] () -- C:\Users\Public\Desktop\Pandora Recovery.lnk
[2012/10/03 07:44:32 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts_bak_532
[2012/10/01 20:23:34 | 000,002,075 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/10/01 20:23:11 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/09/30 02:02:14 | 000,004,131 | ---- | M] () -- C:\ProgramData\ihfeumzb.qzk
[2012/09/24 17:07:20 | 000,000,971 | ---- | M] () -- C:\Windows\System32\userawacs.cfg
[2012/09/24 11:59:56 | 000,000,110 | ---- | M] () -- C:\Windows\System32\usergui.cfg
[2012/09/23 19:45:16 | 000,000,032 | ---- | M] () -- C:\Windows\CD_Start.INI
[2012/09/23 03:08:12 | 000,001,407 | ---- | M] () -- C:\Users\Lisette Miller\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/09/22 01:28:39 | 000,001,088 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

========== Files Created - No Company Name ==========

[2012/10/19 02:31:33 | 000,001,893 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2012/10/18 02:56:36 | 000,001,826 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2012/10/17 18:02:06 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/10/17 03:51:41 | 000,000,000 | ---- | C] () -- C:\Windows\System32\edit
[2012/10/15 23:04:49 | 000,001,795 | ---- | C] () -- C:\Users\Public\Desktop\Recuva.lnk
[2012/10/14 06:24:03 | 000,002,455 | ---- | C] () -- C:\Users\Public\Desktop\SlimCleaner.lnk
[2012/10/14 04:35:50 | 000,303,616 | ---- | C] () -- \SetACL.exe
[2012/10/14 04:35:50 | 000,303,616 | ---- | C] ( ) -- C:\SetACL.exe
[2012/10/14 04:08:48 | 000,290,304 | ---- | C] () -- \subinacl.exe
[2012/10/14 03:59:18 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-LISETTEMILLER-Microsoft-Windows-7-Ultimate-(32-bit).dat
[2012/10/14 03:37:00 | 000,002,233 | ---- | C] () -- C:\Users\Public\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2012/10/10 23:51:41 | 1609,015,296 | -HS- | C] () -- C:\hiberfil.sys
[2012/10/10 23:51:41 | 1609,015,296 | -HS- | C] () -- \hiberfil.sys
[2012/10/08 21:08:07 | 000,000,000 | R--- | C] () -- C:\MSDOS.SYS
[2012/10/08 21:08:07 | 000,000,000 | R--- | C] () -- \MSDOS.SYS
[2012/10/08 21:08:07 | 000,000,000 | R--- | C] () -- C:\IO.SYS
[2012/10/08 21:08:07 | 000,000,000 | R--- | C] () -- \IO.SYS
[2012/10/08 20:11:07 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/07 02:38:50 | 001,150,763 | ---- | C] () -- C:\junk3.rar
[2012/10/07 02:38:50 | 001,150,763 | ---- | C] () -- \junk3.rar
[2012/10/06 17:21:07 | 000,002,853 | ---- | C] () -- C:\Windows\System32\COMMAND.PIF
[2012/10/05 13:46:47 | 000,001,095 | ---- | C] () -- C:\Users\Public\Desktop\Product Key Finder.lnk
[2012/10/05 02:21:39 | 000,002,022 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belarc Advisor.lnk
[2012/10/05 02:21:39 | 000,002,010 | ---- | C] () -- C:\Users\Public\Desktop\Belarc Advisor.lnk
[2012/10/04 02:06:22 | 000,001,952 | ---- | C] () -- C:\Users\Public\Desktop\Pandora Recovery.lnk
[2012/10/01 20:23:34 | 000,002,075 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/09/30 02:02:14 | 000,004,131 | ---- | C] () -- C:\ProgramData\ihfeumzb.qzk
[2012/09/24 16:35:24 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/09/24 16:35:24 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/09/24 16:35:24 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/09/24 16:35:24 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/09/24 16:35:24 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/09/24 11:59:56 | 000,000,971 | ---- | C] () -- C:\Windows\System32\userawacs.cfg
[2012/09/24 11:59:56 | 000,000,110 | ---- | C] () -- C:\Windows\System32\usergui.cfg
[2012/09/23 19:45:16 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI
[2012/09/22 01:28:39 | 000,001,100 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/09/22 01:28:39 | 000,001,088 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/09/16 13:42:15 | 000,001,382 | R--- | C] () -- C:\Users\Lisette Miller\ntuser.pol
[2012/09/08 19:04:43 | 000,000,726 | R--- | C] () -- C:\ProgramData\ntuser.pol
[2012/09/05 17:53:17 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2012/09/05 17:53:17 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth2.dll
[2012/09/05 17:53:17 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth1.dll
[2012/09/05 17:53:17 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
[2012/09/05 16:17:23 | 000,000,144 | ---- | C] () -- C:\Windows\System32\lkfl.dat

========== ZeroAccess Check ==========

[2012/10/18 06:48:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009/07/13 21:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\Windows\system32\wbem\fastprox.dll -- [2009/07/13 21:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\Windows\system32\wbem\wbemess.dll -- [2009/07/13 21:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========


========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:888AFB86

< End of report >
  • 0

#103
Jayli

Jayli

    Member

  • Topic Starter
  • Member
  • PipPip
  • 98 posts
SOLVED!!! :thumbsup: Well, after much pain, a baby has finally been born! Lol. HOURS & HOURS of RESEARCH!!! WOW !! :happy:

My computer's registry was totally affected by Malware and viruses. Everywhere I searched, the answer was "reformat", wipe the HD clean or "new install". I have too many important and expensive programs to accept those options, so I remained patient and kept searching. My OS Problems included hidden files (not being able to show all files / folders...radio button reverting back automatically), Greyed out MS Update options (unable to update), no class files in user registry (some users were created as TEMP), no right click context desktop menu options (no NEW folder, briefcase + more) and misc other things!

I'M NOT GIVING ANY ADVICE, because I am NOT Qualified to do so. I'm only telling my own "success" story, so that others may find an alternative to "reformat" or complete install options. ** I used every program I could to ensure all viruses were removed. ** Please consult with your Geeks Expert before trying anything.

I used a Windows 7 Installation disk to "in PLACE UPGRADE REPAIR" my laptop computer. I fooled my computer by using a disk with the EXACT same OS as my computer (WIN 7 Ultimate SP1), and chose the UPGRADE option from the installation disk. I also chose to have all MS UPDATES installed. It is vitally important to upgrade ONLY with the EXACT SAME disk as your OS!!! It took a while to find this option, but my system is back to normal, registry is working just fine, no sign of virus so far, and my programs and other software are still intact and fully functional. SO FAR, SO GOOD!!

Search on "In place Repair (your OS) upgrade". Lots of good options out there, but follow the instructions completely.

Thanks to Ron and Geekstogo for their PROFESSIONAL Advice & Support. I will mark this as Solved. THANK YOU!!

Edited by Jayli, 03 November 2012 - 10:22 AM.

  • 0

#104
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Let's see if there are any problems left:

Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:

2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

5. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.

Please post the Output log in your next reply then repeat but select Application.


Copy the text in the code box:

DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
rsvpsp.dll
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
user32.dll
/md5stop
C:\Windows\assembly\tmp\U\*.* /s
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemdrive%\$Recycle.Bin|@;true;true;true /fp 
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.
  • 0
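The VEW.exe step above, done with PowerShell's built-in Get-WinEvent so the same "last 20 Error/Warning events from System, then Application" summary can be produced without a third-party download. This is an added example, not code from the thread or from Vino Rosso's tool; it assumes an elevated (Run As Administrator) PowerShell session on Windows 7 or later, and the output file name EventSummary.txt is a constructed choice.

```powershell
# Added example (not from the thread): PowerShell equivalent of the VEW.exe query.
# Lists the 20 most recent Error (level 2) and Warning (level 3) events from the
# System and Application logs and writes them to a text file on the Desktop,
# then opens it in Notepad just as VEW.exe does.
# Assumes an elevated session; the Security log is not queried here.
$maxEvents = 20
$outFile   = Join-Path ([Environment]::GetFolderPath('Desktop')) 'EventSummary.txt'   # constructed name

$report = foreach ($log in 'System', 'Application') {
    "==== $log : last $maxEvents Error/Warning events ===="
    try {
        # Level 2 = Error, Level 3 = Warning. -ErrorAction Stop turns the
        # "no events found" condition into an exception handled below.
        Get-WinEvent -FilterHashtable @{ LogName = $log; Level = 2, 3 } `
                     -MaxEvents $maxEvents -ErrorAction Stop |
            ForEach-Object {
                '{0:yyyy-MM-dd HH:mm:ss}  {1,-7}  {2}  Id {3}' -f `
                    $_.TimeCreated, $_.LevelDisplayName, $_.ProviderName, $_.Id
                # Keep only the first line of the message; full text can be very long.
                '    ' + (($_.Message -split "`r?`n")[0])
            }
    } catch {
        # Happens right after the log has been cleared (as the post asks) and
        # nothing has been logged since, or when the session is not elevated.
        "    (no Error/Warning events returned: $($_.Exception.Message))"
    }
    ''
}

$report | Out-File -FilePath $outFile -Encoding UTF8
Write-Host "Wrote $outFile"
notepad.exe $outFile
```

Paste the contents of EventSummary.txt into the reply in place of the VEW.exe log; the event Id and provider name are what the expert needs to match an entry against a known driver or service fault.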

#105
Jayli

Jayli

    Member

  • Topic Starter
  • Member
  • PipPip
  • 98 posts
Ron. Not good. Ran everything you said to run. During the OTL, I lost desktop icons, etc. After OTL completed, I attempted to restart my system and now it's saying unable to start and trying to repair. I'm using my 2nd pc to communicate with you. What happened?? I can't send any logs or info, because that computer is not working now. Thanks.
  • 0