Need help with spyware removal [Solved]
Started by
kellicanpelican
, Jan 03 2013 10:41 AM
-
This topic is locked
#16
Posted 06 January 2013 - 11:02 AM
Essexboy
-
- Retired Staff
-
- 69,964 posts
GeekU Moderator
#17
Posted 06 January 2013 - 11:39 AM
kellicanpelican
- Topic Starter
-
- Member
-
- 31 posts
Member
# AdwCleaner v2.104 - Logfile created 01/06/2013 at 12:33:14
# Updated 29/12/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : kaleefa munroe - YOUR-8C3461EE5F
# Boot Mode : Normal
# Running from : C:\Documents and Settings\kaleefa munroe\My Documents\Downloads\adwcleaner.exe
# Option [Delete]
***** [Services] *****
***** [Files / Folders] *****
***** [Registry] *****
***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.6001.18702
[OK] Registry is clean.
-\\ Mozilla Firefox v9.0.1 (en-US)
File : C:\Documents and Settings\kaleefa munroe\Application Data\Mozilla\Firefox\Profiles\wwvx6v0w.default\prefs.js
[OK] File is clean.
-\\ Google Chrome v23.0.1271.97
File : C:\Documents and Settings\kaleefa munroe\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
-\\ Opera v12.12.1707.0
File : C:\Documents and Settings\kaleefa munroe\Application Data\Opera\Opera\operaprefs.ini
[OK] File is clean.
*************************
AdwCleaner[S1].txt - [34281 octets] - [03/01/2013 19:49:11]
AdwCleaner[S2].txt - [1165 octets] - [05/01/2013 14:49:06]
AdwCleaner[S3].txt - [1201 octets] - [06/01/2013 12:33:14]
########## EOF - C:\AdwCleaner[S3].txt - [1261 octets] ##########
# Updated 29/12/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : kaleefa munroe - YOUR-8C3461EE5F
# Boot Mode : Normal
# Running from : C:\Documents and Settings\kaleefa munroe\My Documents\Downloads\adwcleaner.exe
# Option [Delete]
***** [Services] *****
***** [Files / Folders] *****
***** [Registry] *****
***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.6001.18702
[OK] Registry is clean.
-\\ Mozilla Firefox v9.0.1 (en-US)
File : C:\Documents and Settings\kaleefa munroe\Application Data\Mozilla\Firefox\Profiles\wwvx6v0w.default\prefs.js
[OK] File is clean.
-\\ Google Chrome v23.0.1271.97
File : C:\Documents and Settings\kaleefa munroe\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
-\\ Opera v12.12.1707.0
File : C:\Documents and Settings\kaleefa munroe\Application Data\Opera\Opera\operaprefs.ini
[OK] File is clean.
*************************
AdwCleaner[S1].txt - [34281 octets] - [03/01/2013 19:49:11]
AdwCleaner[S2].txt - [1165 octets] - [05/01/2013 14:49:06]
AdwCleaner[S3].txt - [1201 octets] - [06/01/2013 12:33:14]
########## EOF - C:\AdwCleaner[S3].txt - [1261 octets] ##########
#18
Posted 06 January 2013 - 12:10 PM
Essexboy
-
- Retired Staff
-
- 69,964 posts
GeekU Moderator
Lets try a little repair now
Download Windows Repair (all in one) from this site
Install the programme then run
Go to step 3 and allow it to run SFC
On the start repairs tab click start
Select the following items and tick restart system when finished
Download Windows Repair (all in one) from this site
Install the programme then run
Go to step 3 and allow it to run SFC
On the start repairs tab click start
Select the following items and tick restart system when finished
#19
Posted 07 January 2013 - 08:22 AM
kellicanpelican
- Topic Starter
-
- Member
-
- 31 posts
Member
Okay I ran the program and restarted my computer. Opera is still running normally. I opened chrome and it is still the same as before. All webpages run slowly and information is being sent off to other places. Uwavou.com opened itself in another tab. What should I do next?
#20
Posted 07 January 2013 - 08:37 AM
Essexboy
-
- Retired Staff
-
- 69,964 posts
GeekU Moderator
OK I am going to remove infoatoms which has been niggling at me for a while as the possible culprit
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Open notepad and copy/paste the text in the quotebox below into it:
Save this as CFScript.txt, in the same location as ComboFix.exe
Refering to the picture above, drag CFScript into ComboFix.exe
When finished, it will produce a log for you at C:\ComboFix.txt which I will require in your next reply.
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Open notepad and copy/paste the text in the quotebox below into it:
Firefox::
FF - ProfilePath - c:\documents and settings\kaleefa munroe\Application Data\Mozilla\Firefox\Profiles\wwvx6v0w.default\
FF - ExtSQL: 2012-11-28 21:20; [email protected]; c:\program files\Mozilla Firefox\extensions\[email protected]
FF - ExtSQL: 2012-12-25 10:19; [email protected]; c:\documents and settings\kaleefa munroe\Application Data\Mozilla\Firefox\Profiles\wwvx6v0w.default\extensions\[email protected]
FF - ExtSQL: !HIDDEN! 2009-09-03 14:32; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - ExtSQL: !HIDDEN! 2012-11-28 21:20; [email protected]; c:\program files\Mozilla Firefox\extensions\[email protected]
File::
C:\Documents and Settings\kaleefa munroe\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hhbgpoakplhahbklhkcfbpicgjcaoglk
Save this as CFScript.txt, in the same location as ComboFix.exe
Refering to the picture above, drag CFScript into ComboFix.exe
When finished, it will produce a log for you at C:\ComboFix.txt which I will require in your next reply.
#21
Posted 07 January 2013 - 09:56 AM
kellicanpelican
- Topic Starter
-
- Member
-
- 31 posts
Member
Firefox is still the same. I get alerts at every page telling me that a pop up was blocked. Chrome is still the same. Internet explorer is loading pages quickly initially, but then lags for a moment as data is transferred to other sites. I just loaded another page on chrome and I noticed that data was being sent to infoatoms. Looks like infoatoms hasn't been deleted yet? Opera is still running fine.
ComboFix 13-01-06.01 - kaleefa munroe 01/07/2013 10:26:32.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.664 [GMT -5:00]
Running from: c:\documents and settings\kaleefa munroe\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\kaleefa munroe\Desktop\CFScript.txt
.
FILE ::
"c:\documents and settings\kaleefa munroe\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hhbgpoakplhahbklhkcfbpicgjcaoglk"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\KALEEF~1\LOCALS~1\Temp\_MEI26882\_ctypes.pyd
c:\docume~1\KALEEF~1\LOCALS~1\Temp\_MEI26882\_elementtree.pyd
c:\docume~1\KALEEF~1\LOCALS~1\Temp\_MEI26882\_hashlib.pyd
c:\docume~1\KALEEF~1\LOCALS~1\Temp\_MEI26882\_socket.pyd
c:\docume~1\KALEEF~1\LOCALS~1\Temp\_MEI26882\_ssl.pyd
c:\docume~1\KALEEF~1\LOCALS~1\Temp\_MEI26882\pyexpat.pyd
c:\docume~1\KALEEF~1\LOCALS~1\Temp\_MEI26882\pysqlite2._sqlite.pyd
c:\docume~1\KALEEF~1\LOCALS~1\Temp\_MEI26882\python26.dll
c:\docume~1\KALEEF~1\LOCALS~1\Temp\_MEI26882\pythoncom26.dll
c:\docume~1\KALEEF~1\LOCALS~1\Temp\_MEI26882\PyWinTypes26.dll
c:\docume~1\KALEEF~1\LOCALS~1\Temp\_MEI26882\select.pyd
c:\docume~1\KALEEF~1\LOCALS~1\Temp\_MEI26882\unicodedata.pyd
c:\docume~1\KALEEF~1\LOCALS~1\Temp\_MEI26882\win32api.pyd
c:\docume~1\KALEEF~1\LOCALS~1\Temp\_MEI26882\win32com.shell.shell.pyd
c:\docume~1\KALEEF~1\LOCALS~1\Temp\_MEI26882\win32crypt.pyd
c:\docume~1\KALEEF~1\LOCALS~1\Temp\_MEI26882\win32event.pyd
c:\docume~1\KALEEF~1\LOCALS~1\Temp\_MEI26882\win32file.pyd
c:\docume~1\KALEEF~1\LOCALS~1\Temp\_MEI26882\win32inet.pyd
c:\docume~1\KALEEF~1\LOCALS~1\Temp\_MEI26882\win32pdh.pyd
c:\docume~1\KALEEF~1\LOCALS~1\Temp\_MEI26882\win32process.pyd
c:\docume~1\KALEEF~1\LOCALS~1\Temp\_MEI26882\win32profile.pyd
c:\docume~1\KALEEF~1\LOCALS~1\Temp\_MEI26882\win32security.pyd
c:\docume~1\KALEEF~1\LOCALS~1\Temp\_MEI26882\win32ts.pyd
c:\docume~1\KALEEF~1\LOCALS~1\Temp\_MEI26882\windows._cacheinvalidation.pyd
c:\docume~1\KALEEF~1\LOCALS~1\Temp\_MEI26882\wx._controls_.pyd
c:\docume~1\KALEEF~1\LOCALS~1\Temp\_MEI26882\wx._core_.pyd
c:\docume~1\KALEEF~1\LOCALS~1\Temp\_MEI26882\wx._gdi_.pyd
c:\docume~1\KALEEF~1\LOCALS~1\Temp\_MEI26882\wx._html2.pyd
c:\docume~1\KALEEF~1\LOCALS~1\Temp\_MEI26882\wx._misc_.pyd
c:\docume~1\KALEEF~1\LOCALS~1\Temp\_MEI26882\wx._windows_.pyd
c:\docume~1\KALEEF~1\LOCALS~1\Temp\_MEI26882\wx._wizard.pyd
c:\docume~1\KALEEF~1\LOCALS~1\Temp\_MEI26882\wxbase293u_net_vc.dll
c:\docume~1\KALEEF~1\LOCALS~1\Temp\_MEI26882\wxbase293u_vc.dll
c:\docume~1\KALEEF~1\LOCALS~1\Temp\_MEI26882\wxmsw293u_adv_vc.dll
c:\docume~1\KALEEF~1\LOCALS~1\Temp\_MEI26882\wxmsw293u_core_vc.dll
c:\docume~1\KALEEF~1\LOCALS~1\Temp\_MEI26882\wxmsw293u_html_vc.dll
c:\docume~1\KALEEF~1\LOCALS~1\Temp\_MEI26882\wxmsw293u_webview_vc.dll
c:\documents and settings\kaleefa munroe\Local Settings\Temp\_MEI26882\_ctypes.pyd
c:\documents and settings\kaleefa munroe\Local Settings\Temp\_MEI26882\_elementtree.pyd
c:\documents and settings\kaleefa munroe\Local Settings\Temp\_MEI26882\_hashlib.pyd
c:\documents and settings\kaleefa munroe\Local Settings\Temp\_MEI26882\_socket.pyd
c:\documents and settings\kaleefa munroe\Local Settings\Temp\_MEI26882\_ssl.pyd
c:\documents and settings\kaleefa munroe\Local Settings\Temp\_MEI26882\pyexpat.pyd
c:\documents and settings\kaleefa munroe\Local Settings\Temp\_MEI26882\pysqlite2._sqlite.pyd
c:\documents and settings\kaleefa munroe\Local Settings\Temp\_MEI26882\python26.dll
c:\documents and settings\kaleefa munroe\Local Settings\Temp\_MEI26882\pythoncom26.dll
c:\documents and settings\kaleefa munroe\Local Settings\Temp\_MEI26882\PyWinTypes26.dll
c:\documents and settings\kaleefa munroe\Local Settings\Temp\_MEI26882\select.pyd
c:\documents and settings\kaleefa munroe\Local Settings\Temp\_MEI26882\unicodedata.pyd
c:\documents and settings\kaleefa munroe\Local Settings\Temp\_MEI26882\win32api.pyd
c:\documents and settings\kaleefa munroe\Local Settings\Temp\_MEI26882\win32com.shell.shell.pyd
c:\documents and settings\kaleefa munroe\Local Settings\Temp\_MEI26882\win32crypt.pyd
c:\documents and settings\kaleefa munroe\Local Settings\Temp\_MEI26882\win32event.pyd
c:\documents and settings\kaleefa munroe\Local Settings\Temp\_MEI26882\win32file.pyd
c:\documents and settings\kaleefa munroe\Local Settings\Temp\_MEI26882\win32inet.pyd
c:\documents and settings\kaleefa munroe\Local Settings\Temp\_MEI26882\win32pdh.pyd
c:\documents and settings\kaleefa munroe\Local Settings\Temp\_MEI26882\win32process.pyd
c:\documents and settings\kaleefa munroe\Local Settings\Temp\_MEI26882\win32profile.pyd
c:\documents and settings\kaleefa munroe\Local Settings\Temp\_MEI26882\win32security.pyd
c:\documents and settings\kaleefa munroe\Local Settings\Temp\_MEI26882\win32ts.pyd
c:\documents and settings\kaleefa munroe\Local Settings\Temp\_MEI26882\windows._cacheinvalidation.pyd
c:\documents and settings\kaleefa munroe\Local Settings\Temp\_MEI26882\wx._controls_.pyd
c:\documents and settings\kaleefa munroe\Local Settings\Temp\_MEI26882\wx._core_.pyd
c:\documents and settings\kaleefa munroe\Local Settings\Temp\_MEI26882\wx._gdi_.pyd
c:\documents and settings\kaleefa munroe\Local Settings\Temp\_MEI26882\wx._html2.pyd
c:\documents and settings\kaleefa munroe\Local Settings\Temp\_MEI26882\wx._misc_.pyd
c:\documents and settings\kaleefa munroe\Local Settings\Temp\_MEI26882\wx._windows_.pyd
c:\documents and settings\kaleefa munroe\Local Settings\Temp\_MEI26882\wx._wizard.pyd
c:\documents and settings\kaleefa munroe\Local Settings\Temp\_MEI26882\wxbase293u_net_vc.dll
c:\documents and settings\kaleefa munroe\Local Settings\Temp\_MEI26882\wxbase293u_vc.dll
c:\documents and settings\kaleefa munroe\Local Settings\Temp\_MEI26882\wxmsw293u_adv_vc.dll
c:\documents and settings\kaleefa munroe\Local Settings\Temp\_MEI26882\wxmsw293u_core_vc.dll
c:\documents and settings\kaleefa munroe\Local Settings\Temp\_MEI26882\wxmsw293u_html_vc.dll
c:\documents and settings\kaleefa munroe\Local Settings\Temp\_MEI26882\wxmsw293u_webview_vc.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-12-07 to 2013-01-07 )))))))))))))))))))))))))))))))
.
.
2013-01-07 13:46 . 2013-01-07 14:01 -------- d-----w- c:\windows\system32\CatRoot2
2013-01-07 13:21 . 2013-01-07 13:51 181064 ----a-w- c:\windows\PSEXESVC.EXE
2013-01-07 13:21 . 2004-06-11 23:33 290304 ----a-w- C:\subinacl.exe
2013-01-07 13:17 . 2013-01-07 13:17 -------- d-----w- C:\RegBackup
2013-01-07 12:46 . 2001-08-17 19:56 91488 -c--a-w- c:\windows\system32\dllcache\n9i3disp.dll
2013-01-07 12:46 . 2001-08-17 17:50 27936 -c--a-w- c:\windows\system32\dllcache\n9i3d.sys
2013-01-07 12:46 . 2001-08-17 17:50 33088 -c--a-w- c:\windows\system32\dllcache\n9i128v2.sys
2013-01-07 12:46 . 2001-08-18 03:36 59104 -c--a-w- c:\windows\system32\dllcache\n9i128v2.dll
2013-01-07 12:46 . 2001-08-17 17:50 13664 -c--a-w- c:\windows\system32\dllcache\n9i128.sys
2013-01-07 12:44 . 2008-04-14 05:16 49024 -c--a-w- c:\windows\system32\dllcache\mstape.sys
2013-01-07 12:44 . 2001-08-17 18:48 12416 -c--a-w- c:\windows\system32\dllcache\msriffwv.sys
2013-01-07 12:44 . 2001-08-17 19:00 2944 -c--a-w- c:\windows\system32\dllcache\msmpu401.sys
2013-01-07 12:44 . 2008-04-14 05:24 22016 -c--a-w- c:\windows\system32\dllcache\msircomm.sys
2013-01-07 12:44 . 2001-08-17 19:02 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
2013-01-07 12:44 . 2001-08-17 18:48 6016 -c--a-w- c:\windows\system32\dllcache\msfsio.sys
2013-01-07 12:44 . 2008-04-14 05:16 51200 -c--a-w- c:\windows\system32\dllcache\msdv.sys
2013-01-07 12:44 . 2001-08-17 18:52 17280 -c--a-w- c:\windows\system32\dllcache\mraid35x.sys
2013-01-07 12:43 . 2008-04-14 05:16 15232 -c--a-w- c:\windows\system32\dllcache\mpe.sys
2013-01-07 12:43 . 2001-08-17 18:57 16128 -c--a-w- c:\windows\system32\dllcache\modemcsa.sys
2013-01-07 12:43 . 2001-08-17 18:52 6528 -c--a-w- c:\windows\system32\dllcache\miniqic.sys
2013-01-07 12:43 . 2001-08-17 17:50 320384 -c--a-w- c:\windows\system32\dllcache\mgaum.sys
2013-01-07 12:43 . 2001-08-17 19:56 235648 -c--a-w- c:\windows\system32\dllcache\mgaud.dll
2013-01-07 12:43 . 2008-04-14 05:11 26112 -c--a-w- c:\windows\system32\dllcache\memstpci.sys
2013-01-07 12:43 . 2001-08-18 03:36 47616 -c--a-w- c:\windows\system32\dllcache\memgrp.dll
2013-01-07 12:43 . 2001-08-17 18:58 8320 -c--a-w- c:\windows\system32\dllcache\memcard.sys
2013-01-07 12:43 . 2001-08-17 17:12 164586 -c--a-w- c:\windows\system32\dllcache\mdgndis5.sys
2013-01-07 12:43 . 2001-08-17 18:52 7424 -c--a-w- c:\windows\system32\dllcache\mammoth.sys
2013-01-07 12:41 . 2001-08-17 17:12 70730 -c--a-w- c:\windows\system32\dllcache\lne100tx.sys
2013-01-07 12:41 . 2001-08-17 17:12 20573 -c--a-w- c:\windows\system32\dllcache\lne100.sys
2013-01-07 12:41 . 2001-08-17 17:11 25065 -c--a-w- c:\windows\system32\dllcache\lmndis3.sys
2013-01-07 12:41 . 2001-08-17 18:51 15744 -c--a-w- c:\windows\system32\dllcache\lit220p.sys
2013-01-07 12:41 . 2008-04-14 05:10 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2013-01-07 12:41 . 2001-08-17 17:12 26442 -c--a-w- c:\windows\system32\dllcache\lanepic5.sys
2013-01-07 12:41 . 2001-08-17 17:12 19016 -c--a-w- c:\windows\system32\dllcache\ktc111.sys
2013-01-07 12:41 . 2001-08-18 03:36 37376 -c--a-w- c:\windows\system32\dllcache\kousd.dll
2013-01-07 12:41 . 2008-04-14 10:41 253952 -c--a-w- c:\windows\system32\dllcache\kdsusd.dll
2013-01-07 12:41 . 2008-04-14 10:41 48640 -c--a-w- c:\windows\system32\dllcache\kdsui.dll
2013-01-07 12:40 . 2001-08-17 18:49 26624 -c--a-w- c:\windows\system32\dllcache\irstusb.sys
2013-01-07 12:40 . 2001-08-17 18:51 18688 -c--a-w- c:\windows\system32\dllcache\irsir.sys
2013-01-07 12:40 . 2008-04-14 10:41 28160 -c--a-w- c:\windows\system32\dllcache\irmon.dll
2013-01-07 12:40 . 2001-08-17 18:49 23552 -c--a-w- c:\windows\system32\dllcache\irmk7.sys
2013-01-07 12:40 . 2008-04-14 10:42 151552 -c--a-w- c:\windows\system32\dllcache\irftp.exe
2013-01-07 12:40 . 2008-04-14 05:24 88192 -c--a-w- c:\windows\system32\dllcache\irda.sys
2013-01-07 12:40 . 2001-08-17 17:12 45632 -c--a-w- c:\windows\system32\dllcache\ip5515.sys
2013-01-07 12:40 . 2001-08-18 03:36 90200 -c--a-w- c:\windows\system32\dllcache\io8ports.dll
2013-01-07 12:40 . 2001-08-17 18:50 38784 -c--a-w- c:\windows\system32\dllcache\io8.sys
2013-01-07 12:40 . 2008-04-14 05:10 5504 -c--a-w- c:\windows\system32\dllcache\intelide.sys
2013-01-07 12:40 . 2001-08-17 18:47 13056 -c--a-w- c:\windows\system32\dllcache\inport.sys
2013-01-07 12:40 . 2001-08-17 18:52 16000 -c--a-w- c:\windows\system32\dllcache\ini910u.sys
2013-01-07 12:39 . 2008-04-14 12:00 81920 -c--a-w- c:\windows\system32\dllcache\ieencode.dll
2013-01-07 12:39 . 2001-08-18 03:36 372824 -c--a-w- c:\windows\system32\dllcache\iconf32.dll
2013-01-07 12:39 . 2001-08-17 19:06 100992 -c--a-w- c:\windows\system32\dllcache\icam5usb.sys
2013-01-07 12:39 . 2001-08-18 03:36 20480 -c--a-w- c:\windows\system32\dllcache\icam5ext.dll
2013-01-07 12:39 . 2001-08-18 03:36 45056 -c--a-w- c:\windows\system32\dllcache\icam5com.dll
2013-01-07 12:39 . 2001-08-17 19:06 154496 -c--a-w- c:\windows\system32\dllcache\icam4usb.sys
2013-01-07 12:39 . 2001-08-18 03:36 61952 -c--a-w- c:\windows\system32\dllcache\icam4ext.dll
2013-01-07 12:39 . 2001-08-18 03:36 91136 -c--a-w- c:\windows\system32\dllcache\icam4com.dll
2013-01-07 12:39 . 2001-08-18 03:36 26624 -c--a-w- c:\windows\system32\dllcache\icam3ext.dll
2013-01-07 12:39 . 2001-08-17 19:05 141056 -c--a-w- c:\windows\system32\dllcache\icam3.sys
2013-01-07 12:39 . 2001-08-17 19:06 38528 -c--a-w- c:\windows\system32\dllcache\ibmvcap.sys
2013-01-07 12:39 . 2001-08-17 17:12 109085 -c--a-w- c:\windows\system32\dllcache\ibmtrp.sys
2013-01-07 12:37 . 2001-08-17 18:28 57471 -c--a-w- c:\windows\system32\dllcache\hsf_samp.sys
2013-01-07 12:37 . 2001-08-17 18:28 542879 -c--a-w- c:\windows\system32\dllcache\hsf_msft.sys
2013-01-07 12:37 . 2001-08-17 18:28 391199 -c--a-w- c:\windows\system32\dllcache\hsf_k56k.sys
2013-01-07 12:37 . 2001-08-18 03:36 9759 -c--a-w- c:\windows\system32\dllcache\hsf_inst.dll
2013-01-07 12:37 . 2001-08-17 18:28 115807 -c--a-w- c:\windows\system32\dllcache\hsf_fsks.sys
2013-01-07 12:37 . 2001-08-17 18:28 199711 -c--a-w- c:\windows\system32\dllcache\hsf_faxx.sys
2013-01-07 12:37 . 2001-08-17 18:28 289887 -c--a-w- c:\windows\system32\dllcache\hsf_fall.sys
2013-01-07 12:37 . 2001-08-17 18:28 67167 -c--a-w- c:\windows\system32\dllcache\hsf_bsc2.sys
2013-01-07 12:37 . 2001-08-17 18:28 150239 -c--a-w- c:\windows\system32\dllcache\hsf_amos.sys
2013-01-07 12:37 . 2001-08-18 03:36 19456 -c--a-w- c:\windows\system32\dllcache\hr1w.dll
2013-01-07 12:37 . 2001-08-17 18:52 5760 -c--a-w- c:\windows\system32\dllcache\hpt4qic.sys
2013-01-07 12:35 . 2001-08-18 03:36 119296 -c--a-w- c:\windows\system32\dllcache\hpdigwia.dll
2013-01-07 12:34 . 2001-08-18 03:36 92160 -c--a-w- c:\windows\system32\dllcache\fuusd.dll
2013-01-07 12:34 . 2001-08-17 17:15 455296 -c--a-w- c:\windows\system32\dllcache\fusbbase.sys
2013-01-07 12:34 . 2001-08-17 17:15 455680 -c--a-w- c:\windows\system32\dllcache\fus2base.sys
2013-01-07 12:34 . 2001-08-17 17:15 442240 -c--a-w- c:\windows\system32\dllcache\fpnpbase.sys
2013-01-07 12:34 . 2001-08-17 17:14 441728 -c--a-w- c:\windows\system32\dllcache\fpcmbase.sys
2013-01-07 12:34 . 2001-08-17 17:14 444416 -c--a-w- c:\windows\system32\dllcache\fpcibase.sys
2013-01-07 12:34 . 2008-04-14 03:05 34173 -c--a-w- c:\windows\system32\dllcache\forehe.sys
2013-01-07 12:34 . 2001-08-18 03:36 71680 -c--a-w- c:\windows\system32\dllcache\fnfilter.dll
2013-01-07 12:34 . 2001-08-17 17:13 27165 -c--a-w- c:\windows\system32\dllcache\fetnd5.sys
2013-01-07 12:34 . 2001-08-17 17:10 22090 -c--a-w- c:\windows\system32\dllcache\fem556n5.sys
2013-01-07 12:32 . 2001-08-17 17:19 72192 -c--a-w- c:\windows\system32\dllcache\es1969.sys
2013-01-07 12:31 . 2001-08-17 18:28 241206 -c--a-w- c:\windows\system32\dllcache\el656se5.sys
2013-01-07 12:30 . 2001-08-17 17:11 26698 -c--a-w- c:\windows\system32\dllcache\dlh5xnd5.sys
2013-01-07 12:29 . 2001-08-17 17:11 20928 -c--a-w- c:\windows\system32\dllcache\defpa.sys
2013-01-07 12:28 . 2001-08-17 17:19 42112 -c--a-w- c:\windows\system32\dllcache\crtaud.sys
2013-01-07 12:27 . 2001-08-18 03:36 32256 -c--a-w- c:\windows\system32\dllcache\diapi2NT.dll
2013-01-07 12:26 . 2001-08-18 03:36 9728 -c--a-w- c:\windows\system32\dllcache\brcoinst.dll
2013-01-07 12:25 . 2008-04-14 10:41 1888992 -c--a-w- c:\windows\system32\dllcache\ati3duag.dll
2013-01-07 12:24 . 2001-08-17 17:20 96256 -c--a-w- c:\windows\system32\dllcache\ac97intc.sys
2013-01-07 12:24 . 2008-04-14 03:06 231552 -c--a-w- c:\windows\system32\dllcache\ac97ali.sys
2013-01-07 12:24 . 2001-08-18 03:36 462848 -c--a-w- c:\windows\system32\dllcache\a3dapi.dll
2013-01-07 12:24 . 2001-08-17 18:52 23552 -c--a-w- c:\windows\system32\dllcache\abp480n5.sys
2013-01-07 12:24 . 2001-08-18 03:36 98304 -c--a-w- c:\windows\system32\dllcache\a3d.dll
2013-01-07 12:24 . 2001-08-17 19:55 38400 -c--a-w- c:\windows\system32\dllcache\8514a.dll
2013-01-07 12:24 . 2008-04-14 05:16 48128 -c--a-w- c:\windows\system32\dllcache\61883.sys
2013-01-07 12:24 . 2008-04-14 05:10 12288 -c--a-w- c:\windows\system32\dllcache\4mmdat.sys
2013-01-07 12:24 . 2001-08-17 17:48 148352 -c--a-w- c:\windows\system32\dllcache\3dfxvsm.sys
2013-01-07 12:24 . 2001-08-17 19:55 689216 -c--a-w- c:\windows\system32\dllcache\3dfxvs.dll
2013-01-07 12:24 . 2001-08-17 18:28 762780 -c--a-w- c:\windows\system32\dllcache\3cwmcru.sys
2013-01-07 12:24 . 2001-08-17 19:06 11264 -c--a-w- c:\windows\system32\dllcache\1394vdbg.sys
2013-01-07 12:24 . 2008-04-14 05:16 53376 -c--a-w- c:\windows\system32\dllcache\1394bus.sys
2013-01-07 12:22 . 2013-01-07 13:51 -------- d-----w- C:\Tweaking.com_Windows_Repair_Logs
2013-01-06 16:33 . 2013-01-06 16:33 -------- d-----w- c:\documents and settings\kaleefa munroe\Local Settings\Application Data\Opera
2013-01-06 16:33 . 2013-01-06 16:33 -------- d-----w- c:\program files\Opera
2013-01-06 03:00 . 2013-01-06 16:35 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-04 20:52 . 2013-01-04 20:52 -------- d-----w- c:\program files\Cisco Systems
2013-01-04 20:45 . 2013-01-04 20:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Cisco Systems
2013-01-02 13:38 . 2013-01-02 13:38 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2012-12-25 15:21 . 2012-12-25 15:21 -------- d-----w- c:\windows\system32\vscodecpack_173
2012-12-25 15:21 . 2012-12-25 15:31 -------- d-----w- c:\program files\VideoSpirit Pro
2012-12-25 15:20 . 2012-12-25 15:20 -------- d-----w- C:\Remote Programs
2012-12-25 15:20 . 2012-12-25 15:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Free Ride Games
2012-12-25 15:20 . 2012-09-03 15:24 57824 ----a-w- c:\windows\ExentInfo.exe
2012-12-25 15:20 . 2012-12-25 15:21 -------- d-----w- c:\program files\Free Ride Games
2012-12-25 15:17 . 2012-12-25 15:18 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Software
2012-12-25 15:17 . 2012-12-25 15:18 -------- d-----w- c:\program files\NCH Software
2012-12-25 15:17 . 2012-12-25 15:18 -------- d-----w- c:\documents and settings\kaleefa munroe\Application Data\NCH Software
2012-12-23 19:46 . 2012-12-23 19:46 -------- d-----w- c:\program files\iPod
2012-12-23 19:46 . 2012-12-23 19:47 -------- d-----w- c:\program files\iTunes
2012-12-23 19:46 . 2012-12-23 19:47 -------- d-----w- c:\documents and settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-06 16:35 . 2011-08-16 13:18 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-16 12:23 . 2009-01-30 22:56 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-11-13 01:25 . 2009-01-30 22:56 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-02 02:02 . 2009-01-30 22:56 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:17 . 2009-01-30 22:56 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:17 . 2009-01-30 22:56 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-11-01 12:17 . 2009-01-30 22:56 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35 . 2009-01-30 22:56 385024 ----a-w- c:\windows\system32\html.iec
2012-10-26 01:42 . 2012-10-26 01:42 163934 ----a-w- c:\windows\system32\DirShowEXDD.dll
2012-10-25 08:12 . 2012-10-25 08:12 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-10-25 08:12 . 2012-10-25 08:12 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-12-21 07:24 . 2012-01-06 16:15 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-11-08 21:58 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-11-08 21:58 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-11-08 21:58 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-11-08 21:58 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-31 39408]
"GoogleDriveSync"="c:\program files\Google\Drive\googledrivesync.exe" [2012-11-08 16070136]
"Exetender"="c:\program files\Free Ride Games\GPlayer.exe" [2012-09-03 4895192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EDS"="c:\program files\Samsung\Samsung EDS\EDSAgent.exe" [2007-12-21 659456]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-28 1044480]
"DMHotKey"="c:\program files\Samsung\Easy Display Manager\DMLoader.exe" [2006-12-27 466944]
"BatteryManager"="c:\program files\Samsung\Samsung Battery Manager\BatteryManager.exe" [2008-10-20 2768896]
"MagicKeyboard"="c:\program files\SAMSUNG\MagicKBD\PreMKBD.exe" [2006-05-15 151552]
"\\DB5B4R51\EPSON Stylus CX3800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE" [2007-01-25 179200]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Exetender"="c:\program files\Free Ride Games\GPlayer.exe" [2012-09-03 4895192]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^kaleefa munroe^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
path=c:\documents and settings\kaleefa munroe\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-11-02 12:51 59240 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-12-12 18:57 152544 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 21:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-02-28 22:00 137752 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2008-08-26 20:51 16851456 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 18:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINZIPDUDriverUpdater]
2011-11-10 15:02 1825608 ----a-w- c:\program files\WinZip Driver Updater\winzipdu.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\PPLive\\PPLive.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Documents and Settings\\kaleefa munroe\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\SPSSInc\\PASWStatistics18\\WinWrapIDE.exe"=
"c:\\Program Files\\SPSSInc\\PASWStatistics18\\paswstat.com"=
"c:\\Program Files\\SPSSInc\\PASWStatistics18\\paswstat.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCP:*:Disabled:ooVoo TCP port 443
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675
.
R0 SecureLockWare_EncryptFilterDriver;SecureLockWare Encryption Filter driver;c:\windows\system32\drivers\ENCRFIL.SYS [1/21/2009 12:59 PM 725120]
R0 SecureLockWare_EncryptFilterDriver2;SecureLockWare Encryption Filter driver Ver.2;c:\windows\system32\drivers\SLWFIL.SYS [1/21/2009 12:59 PM 725248]
R2 DOSMEMIO;MEMIO;c:\windows\system32\MEMIO.SYS [1/30/2009 7:21 PM 4300]
R2 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [9/7/2010 11:47 AM 202048]
R2 SecureLockWare_InputPassword;SecureLockWare Service;c:\program files\BUFFALO\Encrdisk\ENCRDLG.exe -Service_Execute --> c:\program files\BUFFALO\Encrdisk\ENCRDLG.exe -Service_Execute [?]
R2 X4HSEx_Pr143;X4HSEx_Pr143;c:\program files\Free Ride Games\X4HSEx_Pr143.sys [12/25/2012 10:20 AM 58696]
R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32mpcoinst,serviceStartProc --> RUNDLL32.EXE ykx32mpcoinst,serviceStartProc [?]
R3 DNSeFilter;DNSeFilter;c:\windows\system32\drivers\SamsungEDS.SYS [1/14/2008 10:01 PM 30208]
R3 VMC326;Vimicro Camera Service VMC326;c:\windows\system32\drivers\VMC326.sys [1/30/2009 7:25 PM 238464]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/13/2012 12:28 PM 160944]
S3 bfturboh;BUFFALO TurboUSB for HD Filter;c:\windows\system32\drivers\bfturboh.sys [9/9/2009 10:07 AM 15872]
S3 SUEPD;SUE NDIS Protocol Driver;c:\windows\system32\drivers\SUE_PD.sys [8/1/2006 6:57 PM 19840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
vvdsvc REG_MULTI_SZ vvdsvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-06 16:35]
.
2013-01-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 21:57]
.
2013-01-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 21:17]
.
2013-01-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 21:17]
.
2013-01-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4045417087-778751197-4140145611-1005Core.job
- c:\documents and settings\kaleefa munroe\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-05 20:47]
.
2013-01-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4045417087-778751197-4140145611-1005UA.job
- c:\documents and settings\kaleefa munroe\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-05 20:47]
.
2012-12-25 c:\windows\Tasks\Norton Security Scan for kaleefa munroe.job
- c:\progra~1\NORTON~2\Engine\372~1.5\Nss.exe [2012-09-21 08:30]
.
2012-12-25 c:\windows\Tasks\PhotoStageReminder.job
- c:\program files\NCH Software\PhotoStage\photostage.exe [2012-12-25 16:26]
.
2012-12-25 c:\windows\Tasks\PhotoStageSevenDays.job
- c:\program files\NCH Software\PhotoStage\photostage.exe [2012-12-25 16:26]
.
2012-12-25 c:\windows\Tasks\PrismReminder.job
- c:\program files\NCH Software\Prism\prism.exe [2012-12-25 22:33]
.
2012-12-25 c:\windows\Tasks\videopadShakeIcon.job
- c:\program files\NCH Software\VideoPad\videopad.exe [2012-12-25 15:17]
.
2012-12-25 c:\windows\Tasks\WavePadReminder.job
- c:\program files\NCH Software\WavePad\wavepad.exe [2012-12-25 16:42]
.
2012-12-25 c:\windows\Tasks\WavePadSevenDays.job
- c:\program files\NCH Software\WavePad\wavepad.exe [2012-12-25 16:42]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 167.206.254.1 167.206.254.2 192.168.1.1
DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} - hxxp://dl.pplive.com/PluginSetup.cab
FF - ProfilePath - c:\documents and settings\kaleefa munroe\Application Data\Mozilla\Firefox\Profiles\wwvx6v0w.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z015&form=ZGAADF&q=
FF - ExtSQL: 2012-11-28 21:20; [email protected]; c:\program files\Mozilla Firefox\extensions\[email protected]
FF - ExtSQL: 2012-12-25 10:19; [email protected]; c:\documents and settings\kaleefa munroe\Application Data\Mozilla\Firefox\Profiles\wwvx6v0w.default\extensions\[email protected]
FF - ExtSQL: !HIDDEN! 2009-09-03 14:32; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - ExtSQL: !HIDDEN! 2012-11-28 21:20; [email protected]; c:\program files\Mozilla Firefox\extensions\[email protected]
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-07 10:38
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]
"value"="?\08\03\08\15(\12>"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2780)
c:\windows\system32\WININET.dll
c:\program files\Google\Drive\googledrivesync32.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Samsung\Samsung Update Plus\SLUBackgroundService.exe
c:\program files\BUFFALO\Encrdisk\ENCRDLG.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\system32\wscntfy.exe
c:\program files\Motorola\MotoHelper\MotoHelperAgent.exe
c:\program files\Samsung\Easy Display Manager\dmhkcore.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\SAMSUNG\MagicKBD\MagicKBD.exe
c:\program files\SAMSUNG\MagicKBD\PerformanceManager.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\spider.exe
.
**************************************************************************
.
Completion time: 2013-01-07 10:42:38 - machine was rebooted
ComboFix-quarantined-files.txt 2013-01-07 15:42
ComboFix2.txt 2013-01-06 02:48
.
Pre-Run: 35,392,995,328 bytes free
Post-Run: 35,427,606,528 bytes free
.
- - End Of File - - 96DDE09707BC7C5757D2A6481E9677BB
ComboFix 13-01-06.01 - kaleefa munroe 01/07/2013 10:26:32.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.664 [GMT -5:00]
Running from: c:\documents and settings\kaleefa munroe\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\kaleefa munroe\Desktop\CFScript.txt
.
FILE ::
"c:\documents and settings\kaleefa munroe\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hhbgpoakplhahbklhkcfbpicgjcaoglk"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\KALEEF~1\LOCALS~1\Temp\_MEI26882\_ctypes.pyd
c:\docume~1\KALEEF~1\LOCALS~1\Temp\_MEI26882\_elementtree.pyd
c:\docume~1\KALEEF~1\LOCALS~1\Temp\_MEI26882\_hashlib.pyd
c:\docume~1\KALEEF~1\LOCALS~1\Temp\_MEI26882\_socket.pyd
c:\docume~1\KALEEF~1\LOCALS~1\Temp\_MEI26882\_ssl.pyd
c:\docume~1\KALEEF~1\LOCALS~1\Temp\_MEI26882\pyexpat.pyd
c:\docume~1\KALEEF~1\LOCALS~1\Temp\_MEI26882\pysqlite2._sqlite.pyd
c:\docume~1\KALEEF~1\LOCALS~1\Temp\_MEI26882\python26.dll
c:\docume~1\KALEEF~1\LOCALS~1\Temp\_MEI26882\pythoncom26.dll
c:\docume~1\KALEEF~1\LOCALS~1\Temp\_MEI26882\PyWinTypes26.dll
c:\docume~1\KALEEF~1\LOCALS~1\Temp\_MEI26882\select.pyd
c:\docume~1\KALEEF~1\LOCALS~1\Temp\_MEI26882\unicodedata.pyd
c:\docume~1\KALEEF~1\LOCALS~1\Temp\_MEI26882\win32api.pyd
c:\docume~1\KALEEF~1\LOCALS~1\Temp\_MEI26882\win32com.shell.shell.pyd
c:\docume~1\KALEEF~1\LOCALS~1\Temp\_MEI26882\win32crypt.pyd
c:\docume~1\KALEEF~1\LOCALS~1\Temp\_MEI26882\win32event.pyd
c:\docume~1\KALEEF~1\LOCALS~1\Temp\_MEI26882\win32file.pyd
c:\docume~1\KALEEF~1\LOCALS~1\Temp\_MEI26882\win32inet.pyd
c:\docume~1\KALEEF~1\LOCALS~1\Temp\_MEI26882\win32pdh.pyd
c:\docume~1\KALEEF~1\LOCALS~1\Temp\_MEI26882\win32process.pyd
c:\docume~1\KALEEF~1\LOCALS~1\Temp\_MEI26882\win32profile.pyd
c:\docume~1\KALEEF~1\LOCALS~1\Temp\_MEI26882\win32security.pyd
c:\docume~1\KALEEF~1\LOCALS~1\Temp\_MEI26882\win32ts.pyd
c:\docume~1\KALEEF~1\LOCALS~1\Temp\_MEI26882\windows._cacheinvalidation.pyd
c:\docume~1\KALEEF~1\LOCALS~1\Temp\_MEI26882\wx._controls_.pyd
c:\docume~1\KALEEF~1\LOCALS~1\Temp\_MEI26882\wx._core_.pyd
c:\docume~1\KALEEF~1\LOCALS~1\Temp\_MEI26882\wx._gdi_.pyd
c:\docume~1\KALEEF~1\LOCALS~1\Temp\_MEI26882\wx._html2.pyd
c:\docume~1\KALEEF~1\LOCALS~1\Temp\_MEI26882\wx._misc_.pyd
c:\docume~1\KALEEF~1\LOCALS~1\Temp\_MEI26882\wx._windows_.pyd
c:\docume~1\KALEEF~1\LOCALS~1\Temp\_MEI26882\wx._wizard.pyd
c:\docume~1\KALEEF~1\LOCALS~1\Temp\_MEI26882\wxbase293u_net_vc.dll
c:\docume~1\KALEEF~1\LOCALS~1\Temp\_MEI26882\wxbase293u_vc.dll
c:\docume~1\KALEEF~1\LOCALS~1\Temp\_MEI26882\wxmsw293u_adv_vc.dll
c:\docume~1\KALEEF~1\LOCALS~1\Temp\_MEI26882\wxmsw293u_core_vc.dll
c:\docume~1\KALEEF~1\LOCALS~1\Temp\_MEI26882\wxmsw293u_html_vc.dll
c:\docume~1\KALEEF~1\LOCALS~1\Temp\_MEI26882\wxmsw293u_webview_vc.dll
c:\documents and settings\kaleefa munroe\Local Settings\Temp\_MEI26882\_ctypes.pyd
c:\documents and settings\kaleefa munroe\Local Settings\Temp\_MEI26882\_elementtree.pyd
c:\documents and settings\kaleefa munroe\Local Settings\Temp\_MEI26882\_hashlib.pyd
c:\documents and settings\kaleefa munroe\Local Settings\Temp\_MEI26882\_socket.pyd
c:\documents and settings\kaleefa munroe\Local Settings\Temp\_MEI26882\_ssl.pyd
c:\documents and settings\kaleefa munroe\Local Settings\Temp\_MEI26882\pyexpat.pyd
c:\documents and settings\kaleefa munroe\Local Settings\Temp\_MEI26882\pysqlite2._sqlite.pyd
c:\documents and settings\kaleefa munroe\Local Settings\Temp\_MEI26882\python26.dll
c:\documents and settings\kaleefa munroe\Local Settings\Temp\_MEI26882\pythoncom26.dll
c:\documents and settings\kaleefa munroe\Local Settings\Temp\_MEI26882\PyWinTypes26.dll
c:\documents and settings\kaleefa munroe\Local Settings\Temp\_MEI26882\select.pyd
c:\documents and settings\kaleefa munroe\Local Settings\Temp\_MEI26882\unicodedata.pyd
c:\documents and settings\kaleefa munroe\Local Settings\Temp\_MEI26882\win32api.pyd
c:\documents and settings\kaleefa munroe\Local Settings\Temp\_MEI26882\win32com.shell.shell.pyd
c:\documents and settings\kaleefa munroe\Local Settings\Temp\_MEI26882\win32crypt.pyd
c:\documents and settings\kaleefa munroe\Local Settings\Temp\_MEI26882\win32event.pyd
c:\documents and settings\kaleefa munroe\Local Settings\Temp\_MEI26882\win32file.pyd
c:\documents and settings\kaleefa munroe\Local Settings\Temp\_MEI26882\win32inet.pyd
c:\documents and settings\kaleefa munroe\Local Settings\Temp\_MEI26882\win32pdh.pyd
c:\documents and settings\kaleefa munroe\Local Settings\Temp\_MEI26882\win32process.pyd
c:\documents and settings\kaleefa munroe\Local Settings\Temp\_MEI26882\win32profile.pyd
c:\documents and settings\kaleefa munroe\Local Settings\Temp\_MEI26882\win32security.pyd
c:\documents and settings\kaleefa munroe\Local Settings\Temp\_MEI26882\win32ts.pyd
c:\documents and settings\kaleefa munroe\Local Settings\Temp\_MEI26882\windows._cacheinvalidation.pyd
c:\documents and settings\kaleefa munroe\Local Settings\Temp\_MEI26882\wx._controls_.pyd
c:\documents and settings\kaleefa munroe\Local Settings\Temp\_MEI26882\wx._core_.pyd
c:\documents and settings\kaleefa munroe\Local Settings\Temp\_MEI26882\wx._gdi_.pyd
c:\documents and settings\kaleefa munroe\Local Settings\Temp\_MEI26882\wx._html2.pyd
c:\documents and settings\kaleefa munroe\Local Settings\Temp\_MEI26882\wx._misc_.pyd
c:\documents and settings\kaleefa munroe\Local Settings\Temp\_MEI26882\wx._windows_.pyd
c:\documents and settings\kaleefa munroe\Local Settings\Temp\_MEI26882\wx._wizard.pyd
c:\documents and settings\kaleefa munroe\Local Settings\Temp\_MEI26882\wxbase293u_net_vc.dll
c:\documents and settings\kaleefa munroe\Local Settings\Temp\_MEI26882\wxbase293u_vc.dll
c:\documents and settings\kaleefa munroe\Local Settings\Temp\_MEI26882\wxmsw293u_adv_vc.dll
c:\documents and settings\kaleefa munroe\Local Settings\Temp\_MEI26882\wxmsw293u_core_vc.dll
c:\documents and settings\kaleefa munroe\Local Settings\Temp\_MEI26882\wxmsw293u_html_vc.dll
c:\documents and settings\kaleefa munroe\Local Settings\Temp\_MEI26882\wxmsw293u_webview_vc.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-12-07 to 2013-01-07 )))))))))))))))))))))))))))))))
.
.
2013-01-07 13:46 . 2013-01-07 14:01 -------- d-----w- c:\windows\system32\CatRoot2
2013-01-07 13:21 . 2013-01-07 13:51 181064 ----a-w- c:\windows\PSEXESVC.EXE
2013-01-07 13:21 . 2004-06-11 23:33 290304 ----a-w- C:\subinacl.exe
2013-01-07 13:17 . 2013-01-07 13:17 -------- d-----w- C:\RegBackup
2013-01-07 12:46 . 2001-08-17 19:56 91488 -c--a-w- c:\windows\system32\dllcache\n9i3disp.dll
2013-01-07 12:46 . 2001-08-17 17:50 27936 -c--a-w- c:\windows\system32\dllcache\n9i3d.sys
2013-01-07 12:46 . 2001-08-17 17:50 33088 -c--a-w- c:\windows\system32\dllcache\n9i128v2.sys
2013-01-07 12:46 . 2001-08-18 03:36 59104 -c--a-w- c:\windows\system32\dllcache\n9i128v2.dll
2013-01-07 12:46 . 2001-08-17 17:50 13664 -c--a-w- c:\windows\system32\dllcache\n9i128.sys
2013-01-07 12:44 . 2008-04-14 05:16 49024 -c--a-w- c:\windows\system32\dllcache\mstape.sys
2013-01-07 12:44 . 2001-08-17 18:48 12416 -c--a-w- c:\windows\system32\dllcache\msriffwv.sys
2013-01-07 12:44 . 2001-08-17 19:00 2944 -c--a-w- c:\windows\system32\dllcache\msmpu401.sys
2013-01-07 12:44 . 2008-04-14 05:24 22016 -c--a-w- c:\windows\system32\dllcache\msircomm.sys
2013-01-07 12:44 . 2001-08-17 19:02 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
2013-01-07 12:44 . 2001-08-17 18:48 6016 -c--a-w- c:\windows\system32\dllcache\msfsio.sys
2013-01-07 12:44 . 2008-04-14 05:16 51200 -c--a-w- c:\windows\system32\dllcache\msdv.sys
2013-01-07 12:44 . 2001-08-17 18:52 17280 -c--a-w- c:\windows\system32\dllcache\mraid35x.sys
2013-01-07 12:43 . 2008-04-14 05:16 15232 -c--a-w- c:\windows\system32\dllcache\mpe.sys
2013-01-07 12:43 . 2001-08-17 18:57 16128 -c--a-w- c:\windows\system32\dllcache\modemcsa.sys
2013-01-07 12:43 . 2001-08-17 18:52 6528 -c--a-w- c:\windows\system32\dllcache\miniqic.sys
2013-01-07 12:43 . 2001-08-17 17:50 320384 -c--a-w- c:\windows\system32\dllcache\mgaum.sys
2013-01-07 12:43 . 2001-08-17 19:56 235648 -c--a-w- c:\windows\system32\dllcache\mgaud.dll
2013-01-07 12:43 . 2008-04-14 05:11 26112 -c--a-w- c:\windows\system32\dllcache\memstpci.sys
2013-01-07 12:43 . 2001-08-18 03:36 47616 -c--a-w- c:\windows\system32\dllcache\memgrp.dll
2013-01-07 12:43 . 2001-08-17 18:58 8320 -c--a-w- c:\windows\system32\dllcache\memcard.sys
2013-01-07 12:43 . 2001-08-17 17:12 164586 -c--a-w- c:\windows\system32\dllcache\mdgndis5.sys
2013-01-07 12:43 . 2001-08-17 18:52 7424 -c--a-w- c:\windows\system32\dllcache\mammoth.sys
2013-01-07 12:41 . 2001-08-17 17:12 70730 -c--a-w- c:\windows\system32\dllcache\lne100tx.sys
2013-01-07 12:41 . 2001-08-17 17:12 20573 -c--a-w- c:\windows\system32\dllcache\lne100.sys
2013-01-07 12:41 . 2001-08-17 17:11 25065 -c--a-w- c:\windows\system32\dllcache\lmndis3.sys
2013-01-07 12:41 . 2001-08-17 18:51 15744 -c--a-w- c:\windows\system32\dllcache\lit220p.sys
2013-01-07 12:41 . 2008-04-14 05:10 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2013-01-07 12:41 . 2001-08-17 17:12 26442 -c--a-w- c:\windows\system32\dllcache\lanepic5.sys
2013-01-07 12:41 . 2001-08-17 17:12 19016 -c--a-w- c:\windows\system32\dllcache\ktc111.sys
2013-01-07 12:41 . 2001-08-18 03:36 37376 -c--a-w- c:\windows\system32\dllcache\kousd.dll
2013-01-07 12:41 . 2008-04-14 10:41 253952 -c--a-w- c:\windows\system32\dllcache\kdsusd.dll
2013-01-07 12:41 . 2008-04-14 10:41 48640 -c--a-w- c:\windows\system32\dllcache\kdsui.dll
2013-01-07 12:40 . 2001-08-17 18:49 26624 -c--a-w- c:\windows\system32\dllcache\irstusb.sys
2013-01-07 12:40 . 2001-08-17 18:51 18688 -c--a-w- c:\windows\system32\dllcache\irsir.sys
2013-01-07 12:40 . 2008-04-14 10:41 28160 -c--a-w- c:\windows\system32\dllcache\irmon.dll
2013-01-07 12:40 . 2001-08-17 18:49 23552 -c--a-w- c:\windows\system32\dllcache\irmk7.sys
2013-01-07 12:40 . 2008-04-14 10:42 151552 -c--a-w- c:\windows\system32\dllcache\irftp.exe
2013-01-07 12:40 . 2008-04-14 05:24 88192 -c--a-w- c:\windows\system32\dllcache\irda.sys
2013-01-07 12:40 . 2001-08-17 17:12 45632 -c--a-w- c:\windows\system32\dllcache\ip5515.sys
2013-01-07 12:40 . 2001-08-18 03:36 90200 -c--a-w- c:\windows\system32\dllcache\io8ports.dll
2013-01-07 12:40 . 2001-08-17 18:50 38784 -c--a-w- c:\windows\system32\dllcache\io8.sys
2013-01-07 12:40 . 2008-04-14 05:10 5504 -c--a-w- c:\windows\system32\dllcache\intelide.sys
2013-01-07 12:40 . 2001-08-17 18:47 13056 -c--a-w- c:\windows\system32\dllcache\inport.sys
2013-01-07 12:40 . 2001-08-17 18:52 16000 -c--a-w- c:\windows\system32\dllcache\ini910u.sys
2013-01-07 12:39 . 2008-04-14 12:00 81920 -c--a-w- c:\windows\system32\dllcache\ieencode.dll
2013-01-07 12:39 . 2001-08-18 03:36 372824 -c--a-w- c:\windows\system32\dllcache\iconf32.dll
2013-01-07 12:39 . 2001-08-17 19:06 100992 -c--a-w- c:\windows\system32\dllcache\icam5usb.sys
2013-01-07 12:39 . 2001-08-18 03:36 20480 -c--a-w- c:\windows\system32\dllcache\icam5ext.dll
2013-01-07 12:39 . 2001-08-18 03:36 45056 -c--a-w- c:\windows\system32\dllcache\icam5com.dll
2013-01-07 12:39 . 2001-08-17 19:06 154496 -c--a-w- c:\windows\system32\dllcache\icam4usb.sys
2013-01-07 12:39 . 2001-08-18 03:36 61952 -c--a-w- c:\windows\system32\dllcache\icam4ext.dll
2013-01-07 12:39 . 2001-08-18 03:36 91136 -c--a-w- c:\windows\system32\dllcache\icam4com.dll
2013-01-07 12:39 . 2001-08-18 03:36 26624 -c--a-w- c:\windows\system32\dllcache\icam3ext.dll
2013-01-07 12:39 . 2001-08-17 19:05 141056 -c--a-w- c:\windows\system32\dllcache\icam3.sys
2013-01-07 12:39 . 2001-08-17 19:06 38528 -c--a-w- c:\windows\system32\dllcache\ibmvcap.sys
2013-01-07 12:39 . 2001-08-17 17:12 109085 -c--a-w- c:\windows\system32\dllcache\ibmtrp.sys
2013-01-07 12:37 . 2001-08-17 18:28 57471 -c--a-w- c:\windows\system32\dllcache\hsf_samp.sys
2013-01-07 12:37 . 2001-08-17 18:28 542879 -c--a-w- c:\windows\system32\dllcache\hsf_msft.sys
2013-01-07 12:37 . 2001-08-17 18:28 391199 -c--a-w- c:\windows\system32\dllcache\hsf_k56k.sys
2013-01-07 12:37 . 2001-08-18 03:36 9759 -c--a-w- c:\windows\system32\dllcache\hsf_inst.dll
2013-01-07 12:37 . 2001-08-17 18:28 115807 -c--a-w- c:\windows\system32\dllcache\hsf_fsks.sys
2013-01-07 12:37 . 2001-08-17 18:28 199711 -c--a-w- c:\windows\system32\dllcache\hsf_faxx.sys
2013-01-07 12:37 . 2001-08-17 18:28 289887 -c--a-w- c:\windows\system32\dllcache\hsf_fall.sys
2013-01-07 12:37 . 2001-08-17 18:28 67167 -c--a-w- c:\windows\system32\dllcache\hsf_bsc2.sys
2013-01-07 12:37 . 2001-08-17 18:28 150239 -c--a-w- c:\windows\system32\dllcache\hsf_amos.sys
2013-01-07 12:37 . 2001-08-18 03:36 19456 -c--a-w- c:\windows\system32\dllcache\hr1w.dll
2013-01-07 12:37 . 2001-08-17 18:52 5760 -c--a-w- c:\windows\system32\dllcache\hpt4qic.sys
2013-01-07 12:35 . 2001-08-18 03:36 119296 -c--a-w- c:\windows\system32\dllcache\hpdigwia.dll
2013-01-07 12:34 . 2001-08-18 03:36 92160 -c--a-w- c:\windows\system32\dllcache\fuusd.dll
2013-01-07 12:34 . 2001-08-17 17:15 455296 -c--a-w- c:\windows\system32\dllcache\fusbbase.sys
2013-01-07 12:34 . 2001-08-17 17:15 455680 -c--a-w- c:\windows\system32\dllcache\fus2base.sys
2013-01-07 12:34 . 2001-08-17 17:15 442240 -c--a-w- c:\windows\system32\dllcache\fpnpbase.sys
2013-01-07 12:34 . 2001-08-17 17:14 441728 -c--a-w- c:\windows\system32\dllcache\fpcmbase.sys
2013-01-07 12:34 . 2001-08-17 17:14 444416 -c--a-w- c:\windows\system32\dllcache\fpcibase.sys
2013-01-07 12:34 . 2008-04-14 03:05 34173 -c--a-w- c:\windows\system32\dllcache\forehe.sys
2013-01-07 12:34 . 2001-08-18 03:36 71680 -c--a-w- c:\windows\system32\dllcache\fnfilter.dll
2013-01-07 12:34 . 2001-08-17 17:13 27165 -c--a-w- c:\windows\system32\dllcache\fetnd5.sys
2013-01-07 12:34 . 2001-08-17 17:10 22090 -c--a-w- c:\windows\system32\dllcache\fem556n5.sys
2013-01-07 12:32 . 2001-08-17 17:19 72192 -c--a-w- c:\windows\system32\dllcache\es1969.sys
2013-01-07 12:31 . 2001-08-17 18:28 241206 -c--a-w- c:\windows\system32\dllcache\el656se5.sys
2013-01-07 12:30 . 2001-08-17 17:11 26698 -c--a-w- c:\windows\system32\dllcache\dlh5xnd5.sys
2013-01-07 12:29 . 2001-08-17 17:11 20928 -c--a-w- c:\windows\system32\dllcache\defpa.sys
2013-01-07 12:28 . 2001-08-17 17:19 42112 -c--a-w- c:\windows\system32\dllcache\crtaud.sys
2013-01-07 12:27 . 2001-08-18 03:36 32256 -c--a-w- c:\windows\system32\dllcache\diapi2NT.dll
2013-01-07 12:26 . 2001-08-18 03:36 9728 -c--a-w- c:\windows\system32\dllcache\brcoinst.dll
2013-01-07 12:25 . 2008-04-14 10:41 1888992 -c--a-w- c:\windows\system32\dllcache\ati3duag.dll
2013-01-07 12:24 . 2001-08-17 17:20 96256 -c--a-w- c:\windows\system32\dllcache\ac97intc.sys
2013-01-07 12:24 . 2008-04-14 03:06 231552 -c--a-w- c:\windows\system32\dllcache\ac97ali.sys
2013-01-07 12:24 . 2001-08-18 03:36 462848 -c--a-w- c:\windows\system32\dllcache\a3dapi.dll
2013-01-07 12:24 . 2001-08-17 18:52 23552 -c--a-w- c:\windows\system32\dllcache\abp480n5.sys
2013-01-07 12:24 . 2001-08-18 03:36 98304 -c--a-w- c:\windows\system32\dllcache\a3d.dll
2013-01-07 12:24 . 2001-08-17 19:55 38400 -c--a-w- c:\windows\system32\dllcache\8514a.dll
2013-01-07 12:24 . 2008-04-14 05:16 48128 -c--a-w- c:\windows\system32\dllcache\61883.sys
2013-01-07 12:24 . 2008-04-14 05:10 12288 -c--a-w- c:\windows\system32\dllcache\4mmdat.sys
2013-01-07 12:24 . 2001-08-17 17:48 148352 -c--a-w- c:\windows\system32\dllcache\3dfxvsm.sys
2013-01-07 12:24 . 2001-08-17 19:55 689216 -c--a-w- c:\windows\system32\dllcache\3dfxvs.dll
2013-01-07 12:24 . 2001-08-17 18:28 762780 -c--a-w- c:\windows\system32\dllcache\3cwmcru.sys
2013-01-07 12:24 . 2001-08-17 19:06 11264 -c--a-w- c:\windows\system32\dllcache\1394vdbg.sys
2013-01-07 12:24 . 2008-04-14 05:16 53376 -c--a-w- c:\windows\system32\dllcache\1394bus.sys
2013-01-07 12:22 . 2013-01-07 13:51 -------- d-----w- C:\Tweaking.com_Windows_Repair_Logs
2013-01-06 16:33 . 2013-01-06 16:33 -------- d-----w- c:\documents and settings\kaleefa munroe\Local Settings\Application Data\Opera
2013-01-06 16:33 . 2013-01-06 16:33 -------- d-----w- c:\program files\Opera
2013-01-06 03:00 . 2013-01-06 16:35 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-04 20:52 . 2013-01-04 20:52 -------- d-----w- c:\program files\Cisco Systems
2013-01-04 20:45 . 2013-01-04 20:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Cisco Systems
2013-01-02 13:38 . 2013-01-02 13:38 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2012-12-25 15:21 . 2012-12-25 15:21 -------- d-----w- c:\windows\system32\vscodecpack_173
2012-12-25 15:21 . 2012-12-25 15:31 -------- d-----w- c:\program files\VideoSpirit Pro
2012-12-25 15:20 . 2012-12-25 15:20 -------- d-----w- C:\Remote Programs
2012-12-25 15:20 . 2012-12-25 15:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Free Ride Games
2012-12-25 15:20 . 2012-09-03 15:24 57824 ----a-w- c:\windows\ExentInfo.exe
2012-12-25 15:20 . 2012-12-25 15:21 -------- d-----w- c:\program files\Free Ride Games
2012-12-25 15:17 . 2012-12-25 15:18 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Software
2012-12-25 15:17 . 2012-12-25 15:18 -------- d-----w- c:\program files\NCH Software
2012-12-25 15:17 . 2012-12-25 15:18 -------- d-----w- c:\documents and settings\kaleefa munroe\Application Data\NCH Software
2012-12-23 19:46 . 2012-12-23 19:46 -------- d-----w- c:\program files\iPod
2012-12-23 19:46 . 2012-12-23 19:47 -------- d-----w- c:\program files\iTunes
2012-12-23 19:46 . 2012-12-23 19:47 -------- d-----w- c:\documents and settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-06 16:35 . 2011-08-16 13:18 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-16 12:23 . 2009-01-30 22:56 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-11-13 01:25 . 2009-01-30 22:56 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-02 02:02 . 2009-01-30 22:56 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:17 . 2009-01-30 22:56 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:17 . 2009-01-30 22:56 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-11-01 12:17 . 2009-01-30 22:56 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35 . 2009-01-30 22:56 385024 ----a-w- c:\windows\system32\html.iec
2012-10-26 01:42 . 2012-10-26 01:42 163934 ----a-w- c:\windows\system32\DirShowEXDD.dll
2012-10-25 08:12 . 2012-10-25 08:12 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-10-25 08:12 . 2012-10-25 08:12 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-12-21 07:24 . 2012-01-06 16:15 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-11-08 21:58 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-11-08 21:58 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-11-08 21:58 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-11-08 21:58 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-31 39408]
"GoogleDriveSync"="c:\program files\Google\Drive\googledrivesync.exe" [2012-11-08 16070136]
"Exetender"="c:\program files\Free Ride Games\GPlayer.exe" [2012-09-03 4895192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EDS"="c:\program files\Samsung\Samsung EDS\EDSAgent.exe" [2007-12-21 659456]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-28 1044480]
"DMHotKey"="c:\program files\Samsung\Easy Display Manager\DMLoader.exe" [2006-12-27 466944]
"BatteryManager"="c:\program files\Samsung\Samsung Battery Manager\BatteryManager.exe" [2008-10-20 2768896]
"MagicKeyboard"="c:\program files\SAMSUNG\MagicKBD\PreMKBD.exe" [2006-05-15 151552]
"\\DB5B4R51\EPSON Stylus CX3800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE" [2007-01-25 179200]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Exetender"="c:\program files\Free Ride Games\GPlayer.exe" [2012-09-03 4895192]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^kaleefa munroe^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
path=c:\documents and settings\kaleefa munroe\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-11-02 12:51 59240 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-12-12 18:57 152544 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 21:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-02-28 22:00 137752 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2008-08-26 20:51 16851456 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 18:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINZIPDUDriverUpdater]
2011-11-10 15:02 1825608 ----a-w- c:\program files\WinZip Driver Updater\winzipdu.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\PPLive\\PPLive.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Documents and Settings\\kaleefa munroe\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\SPSSInc\\PASWStatistics18\\WinWrapIDE.exe"=
"c:\\Program Files\\SPSSInc\\PASWStatistics18\\paswstat.com"=
"c:\\Program Files\\SPSSInc\\PASWStatistics18\\paswstat.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCP:*:Disabled:ooVoo TCP port 443
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675
.
R0 SecureLockWare_EncryptFilterDriver;SecureLockWare Encryption Filter driver;c:\windows\system32\drivers\ENCRFIL.SYS [1/21/2009 12:59 PM 725120]
R0 SecureLockWare_EncryptFilterDriver2;SecureLockWare Encryption Filter driver Ver.2;c:\windows\system32\drivers\SLWFIL.SYS [1/21/2009 12:59 PM 725248]
R2 DOSMEMIO;MEMIO;c:\windows\system32\MEMIO.SYS [1/30/2009 7:21 PM 4300]
R2 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [9/7/2010 11:47 AM 202048]
R2 SecureLockWare_InputPassword;SecureLockWare Service;c:\program files\BUFFALO\Encrdisk\ENCRDLG.exe -Service_Execute --> c:\program files\BUFFALO\Encrdisk\ENCRDLG.exe -Service_Execute [?]
R2 X4HSEx_Pr143;X4HSEx_Pr143;c:\program files\Free Ride Games\X4HSEx_Pr143.sys [12/25/2012 10:20 AM 58696]
R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32mpcoinst,serviceStartProc --> RUNDLL32.EXE ykx32mpcoinst,serviceStartProc [?]
R3 DNSeFilter;DNSeFilter;c:\windows\system32\drivers\SamsungEDS.SYS [1/14/2008 10:01 PM 30208]
R3 VMC326;Vimicro Camera Service VMC326;c:\windows\system32\drivers\VMC326.sys [1/30/2009 7:25 PM 238464]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/13/2012 12:28 PM 160944]
S3 bfturboh;BUFFALO TurboUSB for HD Filter;c:\windows\system32\drivers\bfturboh.sys [9/9/2009 10:07 AM 15872]
S3 SUEPD;SUE NDIS Protocol Driver;c:\windows\system32\drivers\SUE_PD.sys [8/1/2006 6:57 PM 19840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
vvdsvc REG_MULTI_SZ vvdsvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-06 16:35]
.
2013-01-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 21:57]
.
2013-01-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 21:17]
.
2013-01-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 21:17]
.
2013-01-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4045417087-778751197-4140145611-1005Core.job
- c:\documents and settings\kaleefa munroe\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-05 20:47]
.
2013-01-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4045417087-778751197-4140145611-1005UA.job
- c:\documents and settings\kaleefa munroe\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-05 20:47]
.
2012-12-25 c:\windows\Tasks\Norton Security Scan for kaleefa munroe.job
- c:\progra~1\NORTON~2\Engine\372~1.5\Nss.exe [2012-09-21 08:30]
.
2012-12-25 c:\windows\Tasks\PhotoStageReminder.job
- c:\program files\NCH Software\PhotoStage\photostage.exe [2012-12-25 16:26]
.
2012-12-25 c:\windows\Tasks\PhotoStageSevenDays.job
- c:\program files\NCH Software\PhotoStage\photostage.exe [2012-12-25 16:26]
.
2012-12-25 c:\windows\Tasks\PrismReminder.job
- c:\program files\NCH Software\Prism\prism.exe [2012-12-25 22:33]
.
2012-12-25 c:\windows\Tasks\videopadShakeIcon.job
- c:\program files\NCH Software\VideoPad\videopad.exe [2012-12-25 15:17]
.
2012-12-25 c:\windows\Tasks\WavePadReminder.job
- c:\program files\NCH Software\WavePad\wavepad.exe [2012-12-25 16:42]
.
2012-12-25 c:\windows\Tasks\WavePadSevenDays.job
- c:\program files\NCH Software\WavePad\wavepad.exe [2012-12-25 16:42]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 167.206.254.1 167.206.254.2 192.168.1.1
DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} - hxxp://dl.pplive.com/PluginSetup.cab
FF - ProfilePath - c:\documents and settings\kaleefa munroe\Application Data\Mozilla\Firefox\Profiles\wwvx6v0w.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z015&form=ZGAADF&q=
FF - ExtSQL: 2012-11-28 21:20; [email protected]; c:\program files\Mozilla Firefox\extensions\[email protected]
FF - ExtSQL: 2012-12-25 10:19; [email protected]; c:\documents and settings\kaleefa munroe\Application Data\Mozilla\Firefox\Profiles\wwvx6v0w.default\extensions\[email protected]
FF - ExtSQL: !HIDDEN! 2009-09-03 14:32; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - ExtSQL: !HIDDEN! 2012-11-28 21:20; [email protected]; c:\program files\Mozilla Firefox\extensions\[email protected]
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-07 10:38
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]
"value"="?\08\03\08\15(\12>"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2780)
c:\windows\system32\WININET.dll
c:\program files\Google\Drive\googledrivesync32.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Samsung\Samsung Update Plus\SLUBackgroundService.exe
c:\program files\BUFFALO\Encrdisk\ENCRDLG.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\system32\wscntfy.exe
c:\program files\Motorola\MotoHelper\MotoHelperAgent.exe
c:\program files\Samsung\Easy Display Manager\dmhkcore.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\SAMSUNG\MagicKBD\MagicKBD.exe
c:\program files\SAMSUNG\MagicKBD\PerformanceManager.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\spider.exe
.
**************************************************************************
.
Completion time: 2013-01-07 10:42:38 - machine was rebooted
ComboFix-quarantined-files.txt 2013-01-07 15:42
ComboFix2.txt 2013-01-06 02:48
.
Pre-Run: 35,392,995,328 bytes free
Post-Run: 35,427,606,528 bytes free
.
- - End Of File - - 96DDE09707BC7C5757D2A6481E9677BB
#22
Posted 07 January 2013 - 09:59 AM
Essexboy
-
- Retired Staff
-
- 69,964 posts
GeekU Moderator
Lets run this very quickly through OTL
Just post the log that pops up on completion
Warning This fix is only relevant for this system and no other, using on another computer may cause problems
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot
Run OTL
Just post the log that pops up on completion
Warning This fix is only relevant for this system and no other, using on another computer may cause problems
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
:Files c:\program files\Mozilla Firefox\extensions\[email protected]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
#23
Posted 07 January 2013 - 10:32 AM
kellicanpelican
- Topic Starter
-
- Member
-
- 31 posts
Member
========== FILES ==========
c:\program files\Mozilla Firefox\extensions\[email protected]\chrome\content folder moved successfully.
c:\program files\Mozilla Firefox\extensions\[email protected]\chrome folder moved successfully.
c:\program files\Mozilla Firefox\extensions\[email protected] folder moved successfully.
OTL by OldTimer - Version 3.2.31.0 log created on 01072013_113154
c:\program files\Mozilla Firefox\extensions\[email protected]\chrome\content folder moved successfully.
c:\program files\Mozilla Firefox\extensions\[email protected]\chrome folder moved successfully.
c:\program files\Mozilla Firefox\extensions\[email protected] folder moved successfully.
OTL by OldTimer - Version 3.2.31.0 log created on 01072013_113154
#25
Posted 07 January 2013 - 10:38 AM
kellicanpelican
- Topic Starter
-
- Member
-
- 31 posts
Member
Firefox and chrome are running faster now, but I still got a pop up from nym1.ib.adnxs.com on firefox when I opened a news article on yahoo.com. InfoAtoms is still generating ads at the top of my google searches.
#27
Posted 07 January 2013 - 11:04 AM
kellicanpelican
- Topic Starter
-
- Member
-
- 31 posts
Member
I don't think firefox is letting me enable any add-ons while in safe mode?
Can I just delete all of the add-ons?
Can I just delete all of the add-ons?
#28
Posted 07 January 2013 - 12:08 PM
Essexboy
-
- Retired Staff
-
- 69,964 posts
GeekU Moderator
Have the infoatoms disappeared during safe mode operations ?
If so restart firefox normally and disable the addons one at a time until it disappears
If so restart firefox normally and disable the addons one at a time until it disappears
#29
Posted 07 January 2013 - 12:26 PM
kellicanpelican
- Topic Starter
-
- Member
-
- 31 posts
Member
It disappeared after I disabled ImTranslator 5.0.3
#30
Posted 07 January 2013 - 12:28 PM
Essexboy
-
- Retired Staff
-
- 69,964 posts
GeekU Moderator
Delete that from within firefox please as it does not show on the logs
Then let me know how your browsers are behaving
Then let me know how your browsers are behaving
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
As Featured On:
Sign In
Create Account
