E-mail got hacked. [Closed]



#16 rose86420 (Member, Topic Starter, 48 posts)
Here is the log. But I think initially I downloaded from the wrong place - not sure what I downloaded. It looked different than where I went to this time.
Sorry, I got confused.
Hope I didn't load anything else I shouldn't have.




# AdwCleaner v2.115 - Logfile created 03/19/2013 at 22:58:52
# Updated 17/03/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
# User : Rose - ROSE-PC
# Boot Mode : Normal
# Running from : C:\Users\Rose\Desktop\AdwCleaner(1).exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Users\Rose\AppData\Roaming\Mozilla\Firefox\Profiles\sxnper0s.default\searchplugins\Conduit.xml
Folder Deleted : C:\Program Files\Swag_Bucks
Folder Deleted : C:\Users\Rose\AppData\Local\Conduit
Folder Deleted : C:\Users\Rose\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Rose\AppData\LocalLow\Swag_Bucks
Folder Deleted : C:\Users\Rose\AppData\Roaming\Mozilla\Firefox\Profiles\sxnper0s.default\Conduit
Folder Deleted : C:\Users\Rose\AppData\Roaming\Mozilla\Firefox\Profiles\sxnper0s.default\ConduitCommon

***** [Registry] *****

Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\Swag_Bucks
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5084FBD1-E493-4586-9C5A-9BC078F08D7B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5084FBD1-E493-4586-9C5A-9BC078F08D7B}
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2260173
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2559647
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AF932D9F-AAB6-4E4B-BE1E-ECC6FC761A92}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C0B0002A-0F8E-4E12-885C-AE3C8B506C96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5084FBD1-E493-4586-9C5A-9BC078F08D7B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Swag_Bucks Toolbar
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\Swag_Bucks
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16470

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0.2 (en-US)

File : C:\Users\Rose\AppData\Roaming\Mozilla\Firefox\Profiles\sxnper0s.default\prefs.js

C:\Users\Rose\AppData\Roaming\Mozilla\Firefox\Profiles\sxnper0s.default\user.js ... Deleted !

Deleted : user_pref("CT2260173..clientLogIsEnabled", false);
Deleted : user_pref("CT2260173..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT2260173..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT2260173.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Deleted : user_pref("CT2260173.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2260173.AppTrackingLastCheckTime", "Thu May 17 2012 06:33:23 GMT-0400 (Eastern Daylight[...]
Deleted : user_pref("CT2260173.CT2260173", "CT2260173");
Deleted : user_pref("CT2260173.CommunitiesChangesLastCheckTime", "0");
Deleted : user_pref("CT2260173.CurrentServerDate", "20-5-2012");
Deleted : user_pref("CT2260173.DSInstall", true);
Deleted : user_pref("CT2260173.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2260173.DialogsGetterLastCheckTime", "Thu May 17 2012 06:33:16 GMT-0400 (Eastern Daylig[...]
Deleted : user_pref("CT2260173.DownloadReferralCookieData", "");
Deleted : user_pref("CT2260173.EMailNotifierPollDate", "Fri May 18 2012 20:49:58 GMT-0400 (Eastern Daylight Ti[...]
Deleted : user_pref("CT2260173.FeedLastCount128940659599556287", 0);
Deleted : user_pref("CT2260173.FeedPollDate128940659196275477", "Fri May 18 2012 20:49:59 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2260173.FeedPollDate128940659574712536", "Fri May 18 2012 20:49:59 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2260173.FeedTTL128940659574712536", 40);
Deleted : user_pref("CT2260173.FirstServerDate", "17-5-2012");
Deleted : user_pref("CT2260173.FirstTime", true);
Deleted : user_pref("CT2260173.FirstTimeFF3", true);
Deleted : user_pref("CT2260173.FirstTimeHiddenVer", true);
Deleted : user_pref("CT2260173.FixPageNotFoundErrors", false);
Deleted : user_pref("CT2260173.GroupingInvalidateCache", false);
Deleted : user_pref("CT2260173.GroupingLastCheckTime", "0");
Deleted : user_pref("CT2260173.GroupingLastServerUpdateTime", "0");
Deleted : user_pref("CT2260173.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2260173.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2260173.HPInstall", false);
Deleted : user_pref("CT2260173.HasUserGlobalKeys", true);
Deleted : user_pref("CT2260173.HomePageProtectorEnabled", false);
Deleted : user_pref("CT2260173.HomepageBeforeUnload", "hxxp://us.mc818.mail.yahoo.com/mc/welcome?.partner=sbc&[...]
Deleted : user_pref("CT2260173.Initialize", true);
Deleted : user_pref("CT2260173.InitializeCommonPrefs", true);
Deleted : user_pref("CT2260173.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT2260173.InstallationType", "Unknown");
Deleted : user_pref("CT2260173.InstalledDate", "Thu May 17 2012 06:33:18 GMT-0400 (Eastern Daylight Time)");
Deleted : user_pref("CT2260173.InvalidateCache", false);
Deleted : user_pref("CT2260173.IsAlertDBUpdated", true);
Deleted : user_pref("CT2260173.IsGrouping", false);
Deleted : user_pref("CT2260173.IsInitSetupIni", true);
Deleted : user_pref("CT2260173.IsMulticommunity", false);
Deleted : user_pref("CT2260173.IsOpenThankYouPage", true);
Deleted : user_pref("CT2260173.IsOpenUninstallPage", true);
Deleted : user_pref("CT2260173.IsProtectorsInit", true);
Deleted : user_pref("CT2260173.LanguagePackLastCheckTime", "Sat May 19 2012 19:12:22 GMT-0400 (Eastern Dayligh[...]
Deleted : user_pref("CT2260173.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2260173.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2260173.LastLogin_3.12.2.3", "Sat May 19 2012 19:12:30 GMT-0400 (Eastern Daylight Time)[...]
Deleted : user_pref("CT2260173.LatestVersion", "3.12.2.3");
Deleted : user_pref("CT2260173.Locale", "en");
Deleted : user_pref("CT2260173.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2260173.MCDetectTooltipUrl", "hxxp://@[email protected]/rank/tooltip/?version=1");
Deleted : user_pref("CT2260173.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2260173.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT2260173.OriginalFirstVersion", "3.12.2.3");
Deleted : user_pref("CT2260173.RadioIsPodcast", false);
Deleted : user_pref("CT2260173.RadioLastCheckTime", "Fri May 18 2012 18:33:55 GMT-0400 (Eastern Daylight Time)[...]
Deleted : user_pref("CT2260173.RadioLastUpdateIPServer", "3");
Deleted : user_pref("CT2260173.RadioLastUpdateServer", "0");
Deleted : user_pref("CT2260173.RadioMediaID", "9942");
Deleted : user_pref("CT2260173.RadioMediaType", "Media Player");
Deleted : user_pref("CT2260173.RadioMenuSelectedID", "EBRadioMenu_CT22601739942");
Deleted : user_pref("CT2260173.RadioShrinkedFromSetup", false);
Deleted : user_pref("CT2260173.RadioStationName", "1.FM%20(Country)");
Deleted : user_pref("CT2260173.RadioStationURL", "hxxp://1.fm/wm/energycountry32k.asx");
Deleted : user_pref("CT2260173.SearchCaption", "Swag Bucks Customized Web Search");
Deleted : user_pref("CT2260173.SearchEngineBeforeUnload", "Swag Bucks Customized Web Search");
Deleted : user_pref("CT2260173.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2260173.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT226[...]
Deleted : user_pref("CT2260173.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2260173.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2260173.SearchInNewTabLastCheckTime", "Sat May 19 2012 19:12:21 GMT-0400 (Eastern Dayli[...]
Deleted : user_pref("CT2260173.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2260173.SearchProtectorEnabled", true);
Deleted : user_pref("CT2260173.SearchProtectorToolbarDisabled", false);
Deleted : user_pref("CT2260173.SendProtectorDataViaLogin", true);
Deleted : user_pref("CT2260173.ServiceMapLastCheckTime", "Sat May 19 2012 19:12:19 GMT-0400 (Eastern Daylight [...]
Deleted : user_pref("CT2260173.SettingsLastCheckTime", "Sat May 19 2012 19:12:20 GMT-0400 (Eastern Daylight Ti[...]
Deleted : user_pref("CT2260173.SettingsLastUpdate", "1337169810");
Deleted : user_pref("CT2260173.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2260173&SearchSource=13");
Deleted : user_pref("CT2260173.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2260173.ThirdPartyComponentsLastCheck", "Thu May 17 2012 06:33:09 GMT-0400 (Eastern Day[...]
Deleted : user_pref("CT2260173.ThirdPartyComponentsLastUpdate", "1331805997");
Deleted : user_pref("CT2260173.ToolbarShrinkedFromSetup", false);
Deleted : user_pref("CT2260173.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2260173");
Deleted : user_pref("CT2260173.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT2260173.UserID", "UN78002784482162419");
Deleted : user_pref("CT2260173.ValidationData_Search", 2);
Deleted : user_pref("CT2260173.ValidationData_Toolbar", 2);
Deleted : user_pref("CT2260173.WeatherNetwork", "");
Deleted : user_pref("CT2260173.WeatherPollDate", "Fri May 18 2012 20:50:02 GMT-0400 (Eastern Daylight Time)");
Deleted : user_pref("CT2260173.WeatherUnit", "F");
Deleted : user_pref("CT2260173.alertChannelId", "657446");
Deleted : user_pref("CT2260173.components.1000034", true);
Deleted : user_pref("CT2260173.components.1000082", true);
Deleted : user_pref("CT2260173.components.1000234", true);
Deleted : user_pref("CT2260173.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT2260173.globalFirstTimeInfoLastCheckTime", "Thu May 17 2012 06:33:15 GMT-0400 (Eastern [...]
Deleted : user_pref("CT2260173.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT2260173.initDone", true);
Deleted : user_pref("CT2260173.isAppTrackingManagerOn", true);
Deleted : user_pref("CT2260173.isFirstRadioInstallation", false);
Deleted : user_pref("CT2260173.myStuffEnabled", true);
Deleted : user_pref("CT2260173.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2260173.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2260173.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2260173.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2260173.navigateToUrlOnSearch", false);
Deleted : user_pref("CT2260173.oldAppsList", "128848965243869714,128848965243869715,111,128958821111237507,128[...]
Deleted : user_pref("CT2260173.revertSettingsEnabled", false);
Deleted : user_pref("CT2260173.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT2260173.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT2260173.testingCtid", "");
Deleted : user_pref("CT2260173.toolbarAppMetaDataLastCheckTime", "Sat May 19 2012 19:12:22 GMT-0400 (Eastern D[...]
Deleted : user_pref("CT2260173.toolbarContextMenuLastCheckTime", "Thu May 17 2012 06:33:17 GMT-0400 (Eastern D[...]
Deleted : user_pref("CT2260173.usagesFlag", 2);
Deleted : user_pref("CT2559647..clientLogIsEnabled", true);
Deleted : user_pref("CT2559647..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT2559647..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT2559647.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2559647.CTID", "CT2559647");
Deleted : user_pref("CT2559647.CurrentServerDate", "4-9-2011");
Deleted : user_pref("CT2559647.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2559647.DialogsGetterLastCheckTime", "Sat Sep 03 2011 17:23:33 GMT-0400 (Eastern Daylig[...]
Deleted : user_pref("CT2559647.DownloadReferralCookieData", "");
Deleted : user_pref("CT2559647.ExternalComponentPollDate129404749084494749", "Sat Sep 03 2011 17:23:32 GMT-040[...]
Deleted : user_pref("CT2559647.ExternalComponentPollDate129404791544181654", "Sat Sep 03 2011 17:23:32 GMT-040[...]
Deleted : user_pref("CT2559647.ExternalComponentPollDate129413165572169584", "Sat Sep 03 2011 17:23:32 GMT-040[...]
Deleted : user_pref("CT2559647.FirstServerDate", "22-5-2011");
Deleted : user_pref("CT2559647.FirstTime", true);
Deleted : user_pref("CT2559647.FirstTimeFF3", true);
Deleted : user_pref("CT2559647.FixPageNotFoundErrors", true);
Deleted : user_pref("CT2559647.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2559647.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2559647.HasUserGlobalKeys", true);
Deleted : user_pref("CT2559647.HomePageProtectorEnabled", false);
Deleted : user_pref("CT2559647.Initialize", true);
Deleted : user_pref("CT2559647.InitializeCommonPrefs", true);
Deleted : user_pref("CT2559647.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT2559647.InstallationType", "UnknownIntegration");
Deleted : user_pref("CT2559647.InstalledDate", "Sun May 22 2011 09:14:25 GMT-0400 (Eastern Daylight Time)");
Deleted : user_pref("CT2559647.IsGrouping", false);
Deleted : user_pref("CT2559647.IsMulticommunity", false);
Deleted : user_pref("CT2559647.IsOpenThankYouPage", false);
Deleted : user_pref("CT2559647.IsOpenUninstallPage", false);
Deleted : user_pref("CT2559647.LanguagePackLastCheckTime", "Sat Sep 03 2011 17:23:32 GMT-0400 (Eastern Dayligh[...]
Deleted : user_pref("CT2559647.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2559647.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2559647.LastLogin_3.3.5.1", "Mon May 30 2011 22:47:12 GMT-0400 (Eastern Daylight Time)"[...]
Deleted : user_pref("CT2559647.LastLogin_3.6.0.10", "Sat Sep 03 2011 17:23:33 GMT-0400 (Eastern Daylight Time)[...]
Deleted : user_pref("CT2559647.LatestVersion", "3.6.0.10");
Deleted : user_pref("CT2559647.Locale", "en");
Deleted : user_pref("CT2559647.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2559647.MCDetectTooltipUrl", "hxxp://@[email protected]/rank/tooltip/?version=1");
Deleted : user_pref("CT2559647.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2559647.MyStuffEnabledAtInstallation", false);
Deleted : user_pref("CT2559647.SHRINK_TOOLBAR", 1);
Deleted : user_pref("CT2559647.SearchEngineBeforeUnload", "Coupons.com Customized Web Search");
Deleted : user_pref("CT2559647.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2559647.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT255[...]
Deleted : user_pref("CT2559647.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2559647.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2559647.SearchInNewTabLastCheckTime", "Sat Sep 03 2011 17:23:33 GMT-0400 (Eastern Dayli[...]
Deleted : user_pref("CT2559647.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2559647.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Deleted : user_pref("CT2559647.SearchProtectorEnabled", true);
Deleted : user_pref("CT2559647.SearchProtectorToolbarDisabled", false);
Deleted : user_pref("CT2559647.ServiceMapLastCheckTime", "Sat Sep 03 2011 17:23:32 GMT-0400 (Eastern Daylight [...]
Deleted : user_pref("CT2559647.SettingsLastCheckTime", "Sat Sep 03 2011 17:23:32 GMT-0400 (Eastern Daylight Ti[...]
Deleted : user_pref("CT2559647.SettingsLastUpdate", "1312887586");
Deleted : user_pref("CT2559647.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2559647.ThirdPartyComponentsLastCheck", "Sat Sep 03 2011 17:23:32 GMT-0400 (Eastern Day[...]
Deleted : user_pref("CT2559647.ThirdPartyComponentsLastUpdate", "1312887586");
Deleted : user_pref("CT2559647.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2559647");
Deleted : user_pref("CT2559647.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT2559647.Uninstall", true);
Deleted : user_pref("CT2559647.UserID", "UN08118769604332954");
Deleted : user_pref("CT2559647.ValidationData_Toolbar", 2);
Deleted : user_pref("CT2559647.alertChannelId", "952537");
Deleted : user_pref("CT2559647.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT2559647.globalFirstTimeInfoLastCheckTime", "Sat Sep 03 2011 17:23:44 GMT-0400 (Eastern [...]
Deleted : user_pref("CT2559647.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT2559647.initDone", true);
Deleted : user_pref("CT2559647.isAppTrackingManagerOn", true);
Deleted : user_pref("CT2559647.myStuffEnabled", true);
Deleted : user_pref("CT2559647.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2559647.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2559647.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2559647.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2559647.oldAppsList", "129126535051871363,129126535052027614,129404749084494749,1294047[...]
Deleted : user_pref("CT2559647.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT2559647.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT2559647.testingCtid", "");
Deleted : user_pref("CT2559647.toolbarAppMetaDataLastCheckTime", "Sat Sep 03 2011 17:23:32 GMT-0400 (Eastern D[...]
Deleted : user_pref("CT2559647.toolbarContextMenuLastCheckTime", "Sat Sep 03 2011 17:23:33 GMT-0400 (Eastern D[...]
Deleted : user_pref("CT2559647.usagesFlag", 2);
Deleted : user_pref("CommunityToolbar.CantToolbarBeEngineOwner", "CT2559647");
Deleted : user_pref("CommunityToolbar.ConduitSearchList", "Swag Bucks Customized Web Search");
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2260173/CT2260173[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/657446/653307/US", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/US", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/952537/948310/US", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2260173", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2559647", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.5[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.5.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.6.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.7.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.9.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2260173",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2559647",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"63433363123173[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=1/11/20[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=12/30/2[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=2/17/20[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=2/22/20[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2260173&octid=[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2260173/CT2260173[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2559647/CT2559647[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"67e[...]
Deleted : user_pref("CommunityToolbar.EngineHiddenByUser", false);
Deleted : user_pref("CommunityToolbar.EngineOwner", "");
Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}");
Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "swag_bucks");
Deleted : user_pref("CommunityToolbar.IsEngineShown", true);
Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Rose\\AppData\\Roaming\\Mozilla\\Fi[...]
Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.12.2.3");
Deleted : user_pref("CommunityToolbar.MiniIPageGadgetPosition.hxxp://toolbartv.swagbucks.com", "912x276");
Deleted : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://toolbartv.swagbucks.com", "400x712");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2260173");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "swag_bucks");
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2559647,CT2260173");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2559647,CT2260173");
Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT2260173");
Deleted : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Thu Mar 24 2011 06:26:43 GMT-04[...]
Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Tue Jun 21 2011 17:53:26 GMT-0400 (Easte[...]
Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.locale", "en");
Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Sat Jun 25 2011 22:06:24 GMT-0400 (Eastern D[...]
Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.alert.userId", "{1be08dbf-f741-4039-890a-9f5b938fa07b}");
Deleted : user_pref("CommunityToolbar.facebook.sessionKey", "2.ErEAhjUx9AyfBvMyaKHjag__.86400.1297548000-14658[...]
Deleted : user_pref("CommunityToolbar.facebook.sessionSecret", "EwaskUKt58o4VZ_KFswG2A__");
Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Fri May 18 2012 18:33:54 GMT-0400 (Eas[...]
Deleted : user_pref("CommunityToolbar.facebook.userId", "1465896931");
Deleted : user_pref("CommunityToolbar.globalUserId", "cbe050ad-7d53-40c5-8967-0ac10693cd47");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2260173");
Deleted : user_pref("CommunityToolbar.killedEngine", true);
Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Thu May 17 2012 06:33:0[...]
Deleted : user_pref("CommunityToolbar.notifications.alertEnabled", true);
Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Fri May 18 2012 18:34:03 GMT-040[...]
Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Fri May 18 2012 18:33:55 GMT-0400 (E[...]
Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.notifications.userId", "909c104d-4a2a-48f3-a967-f6c92659a1a4");
Deleted : user_pref("CommunityToolbar.originalHomepage", "hxxp://us.mc818.mail.yahoo.com/mc/welcome?.partner=s[...]
Deleted : user_pref("CommunityToolbar.originalSearchEngine", "Coupons.com Customized Web Search");
Deleted : user_pref("CommunityToolbar.undefined", "");
Deleted : user_pref("browser.search.defaultthis.engineName", "Swag Bucks Customized Web Search");
Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&Sea[...]
Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=2&q=[...]

-\\ Google Chrome v25.0.1364.172

File : C:\Users\Rose\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [28376 octets] - [19/03/2013 22:57:26]
AdwCleaner[R2].txt - [28437 octets] - [19/03/2013 22:58:23]
AdwCleaner[S1].txt - [28806 octets] - [19/03/2013 22:58:52]

########## EOF - C:\AdwCleaner[S1].txt - [28867 octets] ##########
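
One way to read a log like the one above in a structured way, as an added example that is not part of this post or of AdwCleaner itself: the Python below parses the "***** [Section] *****" headers, the "Kind Deleted : path" records and the Firefox "Deleted : user_pref(...)" lines, then tallies what was removed and pulls out the registry locations, add-on GUIDs, Conduit toolbar ids (CTIDs) and search/homepage prefs a helper scans for when reviewing. The sample log is constructed from lines of the same shape as the posted one; the HIGH_INTEREST and SEARCH_PREFS lists are my own choice of what to flag, not anything AdwCleaner defines.

```python
"""Triage parser for the AdwCleaner v2.x log format shown in the thread.

Added example (not from the forum post or AdwCleaner): reads the "***** [Section]
*****" headers, "Kind Deleted : path" records, "-\\ Browser vX" headers and
"Deleted : user_pref(...)" lines, then summarises what was removed.
"""
import re
from collections import Counter

# Constructed sample: a cut-down log in the same shape as the one posted above.
SAMPLE_LOG = r"""# AdwCleaner v2.115 - Logfile created 03/19/2013 at 22:58:52
# Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
# Option [Delete]

***** [Files / Folders] *****

File Deleted : C:\Users\Rose\AppData\Roaming\Mozilla\Firefox\Profiles\sxnper0s.default\searchplugins\Conduit.xml
Folder Deleted : C:\Program Files\Swag_Bucks

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AF932D9F-AAB6-4E4B-BE1E-ECC6FC761A92}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16470

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0.2 (en-US)

Deleted : user_pref("CT2260173.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2260173&SearchSource=13");
Deleted : user_pref("CT2559647.SearchProtectorEnabled", true);
Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=2&q=[...]
"""

SECTION_RE = re.compile(r"^\*{5} \[(.+?)\] \*{5}$")
ACTION_RE = re.compile(r"^(File|Folder|Key|Value) (Deleted|Found) : (.+)$")
BROWSER_RE = re.compile(r"^-\\\\ (.+?) v(\S+)")
PREF_RE = re.compile(r'^(Deleted|Found) : user_pref\("([^"]+)", (.*?)\)?;?$')
GUID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
CTID_RE = re.compile(r"\bCT\d{6,8}\b")

# Registry locations that give an add-on load-time or elevation rights; a
# reviewer wants these called out rather than buried in the key list.
HIGH_INTEREST = ("Browser Helper Objects", "Low Rights\\ElevationPolicy",
                 "SearchScopes", "Internet Explorer\\Toolbar")
# Firefox prefs that decide where address-bar searches and the homepage go.
SEARCH_PREFS = ("keyword.URL", "browser.search.defaulturl",
                "browser.search.defaultthis.engineName")
SEARCH_SUFFIXES = ("TBHomePageUrl", "SearchFromAddressBarUrl")


def parse_adwcleaner_log(text):
    """Return header fields, per-section action records, browser verdicts
    and the user_pref entries removed from Firefox."""
    out = {"header": {}, "actions": [], "browsers": {}, "prefs": []}
    section = browser = None
    for line in (raw.rstrip() for raw in text.splitlines()):
        if not line:
            continue
        if line.startswith("# "):          # metadata header, "Name : value"
            key, sep, value = line[2:].partition(" : ")
            if sep:
                out["header"][key.strip()] = value.strip()
        elif m := SECTION_RE.match(line):
            section, browser = m.group(1), None
        elif m := BROWSER_RE.match(line):
            browser = m.group(1)
            out["browsers"][browser] = {"version": m.group(2), "clean": None}
        elif line.startswith("[OK]") and browser:
            out["browsers"][browser]["clean"] = True
        elif (m := ACTION_RE.match(line)) and section:
            out["actions"].append({"section": section, "kind": m.group(1),
                                   "action": m.group(2), "path": m.group(3)})
        elif (m := PREF_RE.match(line)) and browser:
            out["browsers"][browser]["clean"] = False   # something was removed
            out["prefs"].append({"browser": browser, "name": m.group(2),
                                 "value": m.group(3)})
    return out


def summarise(parsed):
    """Counts per (section, kind) plus what a reviewer scans for: sensitive
    registry locations, add-on GUIDs, toolbar ids (CTIDs), hijacked search prefs."""
    counts = Counter((a["section"], a["kind"]) for a in parsed["actions"])
    flagged = [a["path"] for a in parsed["actions"]
               if any(h in a["path"] for h in HIGH_INTEREST)]
    guids = sorted({g.upper() for a in parsed["actions"]
                    for g in GUID_RE.findall(a["path"])})
    blob = " ".join(p["name"] + " " + p["value"] for p in parsed["prefs"])
    ctids = sorted(set(CTID_RE.findall(blob)))
    hijacked = [p["name"] for p in parsed["prefs"] if p["name"] in SEARCH_PREFS
                or p["name"].endswith(SEARCH_SUFFIXES)]
    return {"counts": counts, "flagged": flagged, "guids": guids,
            "ctids": ctids, "search_prefs": hijacked}
```

Running `summarise(parse_adwcleaner_log(SAMPLE_LOG))` on the sample yields three registry keys and one value removed, four entries in sensitive locations, three distinct GUIDs and the two CTIDs (CT2260173, CT2559647) that also appear throughout the posted log.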


#17 zep516 (Trusted Helper, Malware Removal, 6,650 posts)
Thank you so much! I'll get back to you with further instructions when I review with my teacher.

Joe

#18 zep516 (Trusted Helper, Malware Removal, 6,650 posts)
Hi Rose,

Let's uninstall Malwarebytes following the instructions below; it may be interfering. Then we will reinstall it and run a quick scan with it too.

  • Download the Malwarebytes Anti-Malware Cleanup Tool to your Windows desktop from Here
  • Once downloaded, double-click on the program to start it.
  • Click on the Yes button to have the program remove installations of Malwarebytes from your computer.
  • Reboot your computer when it asks.

Once that is completed, reinstall Malwarebytes from Here

Let's do a quick scan with Malwarebytes now

Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy & paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Next

Can you post a fresh OTL log for me too? Just open OTL and click "Run Scan", then post the results of the scan to the forum.

In your next reply post

  • The new Malwarebytes log.
  • The new OTL LOG.

Thanks Rose, and once again thank you for your patience,

Joe

Edited by zep516, 22 March 2013 - 02:40 PM.


#19 zep516 (Trusted Helper, Malware Removal, 6,650 posts)
Hello rose86420

Are you still with us?

Joe

#20 rose86420 (Member, Topic Starter, 48 posts)
Here's my new Malwarebytes Log

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.03.27.02

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Rose :: ROSE-PC [administrator]

3/26/2013 10:33:42 PM
mbam-log-2013-03-26 (22-33-42).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 201031
Time elapsed: 4 minute(s), 7 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0

Here's the new OTL log.

OTL logfile created on: 3/26/2013 10:42:42 PM - Run 4
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Rose\Desktop\OTL 3-14-13
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 47.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.46 Gb Total Space | 247.31 Gb Free Space | 85.74% Space Free | Partition Type: NTFS

Computer Name: ROSE-PC | User Name: Rose | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/03/12 21:01:32 | 001,822,424 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
PRC - [2013/03/10 18:10:56 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/03/06 18:32:44 | 004,767,304 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2013/03/06 18:32:44 | 000,045,248 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2012/11/22 22:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2011/10/01 09:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 09:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/04/08 21:34:53 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Rose\Desktop\OTL 3-14-13\OTL(1).exe
PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/01/17 19:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 19:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010/05/20 12:39:42 | 000,206,336 | ---- | M] (Microsoft) -- C:\dell\DBRM\Reminder\DbrmTrayicon.exe
PRC - [2009/08/17 17:40:54 | 000,079,168 | ---- | M] (Broadcom Corp.) -- C:\Program Files\Broadcom\BPowMon\BPowMon.exe
PRC - [2009/03/31 18:01:42 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
PRC - [2009/03/30 15:00:54 | 000,221,184 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe


========== Modules (SafeList) ==========

MOD - [2013/03/06 18:32:40 | 000,246,592 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2011/04/08 21:34:53 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Rose\Desktop\OTL 3-14-13\OTL(1).exe
MOD - [2010/11/20 07:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2013/03/12 21:01:33 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/03/10 18:10:56 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/03/06 18:32:44 | 000,045,248 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/10/01 09:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 09:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/08/14 13:49:42 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/08/17 17:40:54 | 000,079,168 | ---- | M] (Broadcom Corp.) [Auto | Running] -- C:\Program Files\Broadcom\BPowMon\BPowMon.exe -- (BPowMon)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/03/31 18:01:42 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe -- (AERTFilters)


========== Driver Services (SafeList) ==========

DRV - [2013/03/06 18:33:24 | 000,765,736 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/03/06 18:33:24 | 000,368,176 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013/03/06 18:33:24 | 000,164,736 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/03/06 18:33:24 | 000,062,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/03/06 18:33:24 | 000,049,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/03/06 18:33:23 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/03/06 18:33:23 | 000,060,656 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\Drivers\aswrdr2.sys -- (aswRdr)
DRV - [2013/03/06 18:33:22 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2013/03/06 18:33:22 | 000,021,576 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2012/08/09 19:55:53 | 000,228,376 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_42020.sys -- (RapportCerberus_42020)
DRV - [2012/07/29 20:52:38 | 000,071,480 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2011/10/01 09:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2011/10/01 09:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2011/10/01 09:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2011/10/01 09:30:36 | 000,579,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2009/08/21 16:50:48 | 000,273,960 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink ™


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USSMB/1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://us.mc1848.mai...t in safe mode"
FF - prefs.js..extensions.enabledItems: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}:3.12.2.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:3.3.3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.2.20100127023632

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2013/03/19 19:51:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/03/10 18:10:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/03/10 18:10:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/03/10 18:10:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/03/10 18:10:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/03/10 18:10:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/03/10 18:10:52 | 000,000,000 | ---D | M]

[2010/08/12 09:30:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rose\AppData\Roaming\Mozilla\Extensions
[2012/10/24 06:39:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rose\AppData\Roaming\Mozilla\Firefox\Profiles\sxnper0s.default\extensions
[2013/03/10 18:10:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/03/10 18:10:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}
File not found (No name found) --
[2013/03/10 18:10:56 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2012/09/09 09:31:49 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPcol400.dll
[2012/06/20 12:56:43 | 000,091,584 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2012/06/20 12:56:44 | 000,091,584 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
[2013/03/04 20:43:24 | 000,002,465 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2013/03/04 20:43:24 | 000,002,086 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/01/16 13:31:31 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DBRMTray] C:\dell\DBRM\Reminder\DbrmTrayicon.exe (Microsoft)
O4 - HKLM..\RunOnce: [DBRMTray] C:\dell\DBRM\Reminder\TrayApp.exe (Microsoft)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Rose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2013/03/26 22:32:55 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Roaming\Malwarebytes
[2013/03/26 22:32:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/03/26 22:32:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/03/26 22:32:19 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/03/26 22:32:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/03/26 22:26:08 | 010,156,344 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Rose\Desktop\mbam-setup-1.70.0.1100(1).exe
[2013/03/26 22:14:55 | 000,080,456 | ---- | C] (Malwarebytes Corporation) -- C:\Users\Rose\Desktop\mbam-clean-1.60.2.0003.exe
[2013/03/24 08:46:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013/03/20 19:25:51 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys
[2013/03/19 19:52:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2013/03/19 19:52:50 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2013/03/14 22:48:01 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/03/14 22:32:33 | 000,000,000 | ---D | C] -- C:\Users\Rose\Desktop\OTL 3-14-13
[2013/03/12 23:02:02 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/03/12 23:02:01 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2013/03/12 23:02:01 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/03/12 23:02:00 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/03/12 23:02:00 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/03/12 23:02:00 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/03/12 23:01:59 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/03/12 23:01:59 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2013/03/12 23:01:58 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/03/12 23:01:57 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/03/11 19:12:38 | 001,039,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2013/03/10 18:10:50 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/03/04 20:18:53 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013/03/04 20:18:53 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\MFAData
[2013/03/04 20:18:53 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2013/03/04 20:18:53 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\Avg2013
[2013/03/03 22:17:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
[2013/03/03 22:02:52 | 000,021,576 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswKbd.sys
[2013/03/03 22:01:21 | 000,227,720 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013/03/03 22:01:10 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/03/03 20:50:41 | 000,000,000 | ---D | C] -- C:\Users\Rose\Desktop\mbar
[2013/03/03 14:41:43 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\ElevatedDiagnostics
[2013/02/27 08:29:19 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\Programs
[2011/02/11 18:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/03/26 22:32:21 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/03/26 22:28:43 | 010,156,344 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Rose\Desktop\mbam-setup-1.70.0.1100(1).exe
[2013/03/26 22:27:15 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/26 22:27:15 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/26 22:24:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/26 22:20:08 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/26 22:19:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/26 22:19:55 | 1582,931,968 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/26 22:14:58 | 000,080,456 | ---- | M] (Malwarebytes Corporation) -- C:\Users\Rose\Desktop\mbam-clean-1.60.2.0003.exe
[2013/03/26 22:01:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/03/24 08:48:36 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2013/03/24 08:46:39 | 000,002,016 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/03/19 22:55:26 | 000,609,993 | ---- | M] () -- C:\Users\Rose\Desktop\AdwCleaner(1).exe
[2013/03/19 19:57:47 | 000,000,900 | ---- | M] () -- C:\Users\Rose\Desktop\NTREGOPT.lnk
[2013/03/19 19:57:47 | 000,000,881 | ---- | M] () -- C:\Users\Rose\Desktop\ERUNT.lnk
[2013/03/14 23:40:35 | 000,000,826 | ---- | M] () -- C:\Windows\Brpfx04a.ini
[2013/03/14 07:26:50 | 000,002,131 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/03/12 21:01:32 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/03/12 21:01:32 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/03/12 20:05:14 | 000,624,384 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/03/12 20:05:14 | 000,106,502 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/03/10 18:22:29 | 000,001,118 | ---- | M] () -- C:\Users\Rose\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/03/10 17:50:05 | 000,000,971 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/03/06 18:33:24 | 000,765,736 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013/03/06 18:33:24 | 000,368,176 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013/03/06 18:33:24 | 000,164,736 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/03/06 18:33:24 | 000,062,376 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2013/03/06 18:33:24 | 000,049,248 | ---- | M] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013/03/06 18:33:23 | 000,066,336 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2013/03/06 18:33:23 | 000,060,656 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2013/03/06 18:33:22 | 000,029,816 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2013/03/06 18:33:22 | 000,021,576 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswKbd.sys
[2013/03/06 18:32:51 | 000,041,664 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/03/06 18:32:42 | 000,228,600 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2013/03/03 23:29:39 | 000,002,231 | ---- | M] () -- C:\Users\Rose\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/03/03 22:17:31 | 000,001,126 | ---- | M] () -- C:\Users\Rose\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2013/03/03 22:17:31 | 000,001,102 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2013/03/03 22:12:41 | 000,001,030 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/03/03 22:01:06 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/03/03 22:01:05 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/03/03 22:01:05 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/03/03 20:48:15 | 013,786,977 | ---- | M] () -- C:\Users\Rose\Desktop\mbar-1.01.0.1021.zip
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/03/26 22:32:21 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/03/24 08:46:39 | 000,002,016 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/03/19 22:57:10 | 000,609,993 | ---- | C] () -- C:\Users\Rose\Desktop\AdwCleaner(1).exe
[2013/03/19 19:52:51 | 000,000,900 | ---- | C] () -- C:\Users\Rose\Desktop\NTREGOPT.lnk
[2013/03/19 19:52:51 | 000,000,881 | ---- | C] () -- C:\Users\Rose\Desktop\ERUNT.lnk
[2013/03/03 22:17:31 | 000,001,126 | ---- | C] () -- C:\Users\Rose\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2013/03/03 22:17:31 | 000,001,102 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2013/03/03 22:12:41 | 000,001,030 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/03/03 22:02:52 | 000,164,736 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/03/03 22:02:52 | 000,049,248 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013/03/03 20:47:52 | 013,786,977 | ---- | C] () -- C:\Users\Rose\Desktop\mbar-1.01.0.1021.zip
[2012/07/23 20:19:22 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2011/05/08 09:15:53 | 000,000,036 | -H-- | C] () -- C:\Windows\System32\f9t.dat
[2010/08/25 20:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010/08/25 20:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010/08/25 20:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010/08/11 20:44:58 | 000,000,826 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2010/08/11 20:44:58 | 000,000,160 | ---- | C] () -- C:\Windows\brpcfx.ini
[2010/08/11 20:44:22 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010/08/11 20:21:46 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf08b.dat
[2010/08/11 20:17:04 | 000,031,767 | ---- | C] () -- C:\Windows\maxlink.ini
[2010/08/04 21:32:03 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010/08/04 20:40:42 | 000,146,432 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2010/08/04 20:40:42 | 000,072,704 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2009/07/14 00:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 00:33:53 | 000,294,640 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 22:05:48 | 000,624,384 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 22:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 22:05:48 | 000,106,502 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 22:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 22:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 22:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 19:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

< End of report >

Sorry for my delay, Joe
#21
zep516

    Trusted Helper

  • Malware Removal
  • 6,650 posts
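As an added example, not part of this thread or of the OTL tool itself: a small Python parser for the PRC/MOD/SRV/DRV SafeList lines in the log above. It pulls out the fields a helper reads by eye (timestamp, size, company name, service state, path) and flags the two things that tend to draw a second look: entries OTL printed with an empty company name, `()`, and drivers loaded from a user-writable tree such as C:\ProgramData. The sample lines are copied from the log; an empty company field is a reason to check the file, not a finding by itself.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# OTL SafeList entry format, as seen in the log above:
#   PRC - [yyyy/mm/dd hh:mm:ss | size | attrs | M] (Company) -- path
#   SRV - [...] (Company) [Start | Status] -- path -- (ServiceName)
#   DRV - [...] (Company) [Type | Start | Status] -- path -- (ServiceName) optional trailing text
OTL_LINE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - "
    r"\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>\S+) \| (?P<flag>[A-Z])\] "
    r"\((?P<company>[^)]*)\)"           # '()' when OTL found no company name
    r"(?: \[(?P<state>[^\]]*)\])?"      # '[Auto | Running]' for SRV/DRV only
    r" -- (?P<path>.+?)"
    r"(?: -- \((?P<name>[^)]*)\).*)?$"  # service/driver name, may be followed by text
)

# Trees an ordinary user can write to; a kernel driver loaded from here deserves a look.
USER_WRITABLE_PREFIXES = ("c:\\users\\", "c:\\programdata\\")

@dataclass
class OtlEntry:
    kind: str      # PRC, MOD, SRV or DRV
    stamp: str     # file modification timestamp as OTL prints it
    size: int      # file size in bytes
    attrs: str     # attribute flags, e.g. '----'
    company: str   # company name from the version resource, '' if none
    state: str     # bracketed start/status for services and drivers, '' for PRC/MOD
    path: str      # full path of the binary
    name: str      # service or driver name, '' for PRC/MOD

def parse_otl_line(line: str) -> Optional[OtlEntry]:
    """Parse one SafeList line; returns None for headers, blanks and other sections."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    return OtlEntry(
        kind=m["kind"],
        stamp=m["stamp"],
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        company=m["company"].strip(),
        state=(m["state"] or "").strip(),
        path=m["path"].strip(),
        name=(m["name"] or "").strip(),
    )

def parse_otl(text: str) -> List[OtlEntry]:
    """All PRC/MOD/SRV/DRV entries in an OTL log, in file order."""
    entries = []
    for line in text.splitlines():
        entry = parse_otl_line(line)
        if entry is not None:
            entries.append(entry)
    return entries

def no_company(entries: List[OtlEntry]) -> List[OtlEntry]:
    """Entries OTL printed with an empty company field, '()': a cue to look closer, not a verdict."""
    return [e for e in entries if not e.company]

def drivers_from_user_writable(entries: List[OtlEntry]) -> List[OtlEntry]:
    """Kernel drivers whose image lives under a user-writable tree rather than System32."""
    return [e for e in entries if e.kind == "DRV"
            and e.path.lower().startswith(USER_WRITABLE_PREFIXES)]

def triage(text: str) -> dict:
    """Summary a helper would read first: counts plus the two flagged lists (basenames only)."""
    entries = parse_otl(text)
    return {
        "entries": len(entries),
        "running_drivers": sum(1 for e in entries if e.kind == "DRV" and "Running" in e.state),
        "no_company": [e.path.rsplit("\\", 1)[-1] for e in no_company(entries)],
        "drivers_outside_system": [e.path.rsplit("\\", 1)[-1] for e in drivers_from_user_writable(entries)],
    }

# Constructed sample: lines copied from the OTL log posted above, plus section headers.
SAMPLE_LOG = r"""========== Processes (SafeList) ==========

PRC - [2013/03/12 21:01:32 | 001,822,424 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
PRC - [2011/04/08 21:34:53 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Rose\Desktop\OTL 3-14-13\OTL(1).exe
========== Win32 Services (SafeList) ==========
SRV - [2013/03/06 18:32:44 | 000,045,248 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
========== Driver Services (SafeList) ==========
DRV - [2013/03/06 18:33:24 | 000,164,736 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/03/06 18:33:24 | 000,049,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2012/08/09 19:55:53 | 000,228,376 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_42020.sys -- (RapportCerberus_42020)
DRV - [2009/08/21 16:50:48 | 000,273,960 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink (TM)
"""

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```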
Thanks Rose, let me do a full review of the log and speak to my teacher.

Tell me about any problems you are experiencing with the computer.
#22
rose86420

    Member

  • Topic Starter
  • 48 posts
I just found your last two e-mails in my spam folder. Funny, all your other e-mails came to my inbox. Now they are going to my spam folder.
#23
zep516

    Trusted Helper

  • Malware Removal
  • 6,650 posts
Hi Rose,

What to do if an email was incorrectly marked as spam.

It's easy to move emails out of the spam folder and into the folder where you want it to be.

1. In your Spam folder, open the email that was marked as Spam.

2. Click the Not Spam button. That will send the e-mail back to the inbox. You may have to do it a few times and Yahoo Mail will learn that that particular e-mail is not spam.

More information Here

Next

Let's double-check for any malware.

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. Windows 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
You will also need to disable your current installed Anti-Virus, how to do so can be read here.

  • Please go here then click on: Posted Image
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic.
  • Now click on: Posted Image (Selecting Uninstall application on close if you so wish)

Please post the ESET scan results in your next reply.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

Joe

Edited by zep516, 28 March 2013 - 01:26 PM.

#24
rose86420

    Member

  • Topic Starter
  • 48 posts
Here's the new log

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6419
# api_version=3.0.2
# EOSSerial=a2d0a5626f106c4eb25a80c1f187fb7a
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-01-16 07:03:10
# local_time=2011-01-16 02:03:10 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=768 16777215 100 0 12662033 12662033 0 0
# compatibility_mode=5893 16776573 100 94 77261 46748478 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=71436
# found=7
# cleaned=0
# scan_time=903
C:\Users\Rose\Downloads\winimg(2).exe a variant of Win32/VB.PKV trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Rose\Downloads\winimg(3).exe a variant of Win32/VB.PKV trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Rose\Downloads\winimg(4).exe a variant of Win32/VB.PKV trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Rose\Downloads\winimg(5).exe a variant of Win32/VB.PKV trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Rose\Downloads\winimg(6).exe a variant of Win32/VB.PKV trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Rose\Downloads\winimg.exe a variant of Win32/VB.PKV trojan (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\01162011_123128\C_Windows Restore\20110115\20110115.exe a variant of Win32/VB.PKV trojan (unable to clean) 00000000000000000000000000000000 I
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6419
# api_version=3.0.2
# EOSSerial=a2d0a5626f106c4eb25a80c1f187fb7a
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-01-23 01:56:49
# local_time=2011-01-22 08:56:49 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=768 16777215 100 0 13205249 13205249 0 0
# compatibility_mode=5893 16776573 100 94 0 47291694 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=70922
# found=6
# cleaned=6
# scan_time=906
C:\Users\Rose\Downloads\winimg(2).exe a variant of Win32/VB.PKV trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Rose\Downloads\winimg(3).exe a variant of Win32/VB.PKV trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Rose\Downloads\winimg(4).exe a variant of Win32/VB.PKV trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Rose\Downloads\winimg(5).exe a variant of Win32/VB.PKV trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Rose\Downloads\winimg(6).exe a variant of Win32/VB.PKV trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Rose\Downloads\winimg.exe a variant of Win32/VB.PKV trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=a2d0a5626f106c4eb25a80c1f187fb7a
# engine=13513
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-03-29 05:36:43
# local_time=2013-03-29 01:36:43 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 0 116123394 0 0
# scanned=114291
# found=3
# cleaned=0
# scan_time=6309
sh=9C01EB33A7EBDA1219A44A7CC7387DD5BD1AEB7A ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.CVE-2011-3544.AX trojan" ac=I fn="C:\Users\Rose\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\26f72c70-5d6bfa10"
sh=F53194FE335C1DF41F1BC945626206D3F844FA89 ft=1 fh=d05664838e1e7c7e vn="a variant of Win32/Bundled.Toolbar.Ask application" ac=I fn="C:\Users\Rose\Downloads\FoxitReader545.0124_enu_Setup.exe"
sh=C747A63AC671866ACE50AC14A92433D171883603 ft=1 fh=01ba258578a73c54 vn="a variant of Win32/Bundled.Toolbar.Ask application" ac=I fn="C:\Users\Rose\Downloads\PDFViewer_Installer.exe.part"
  • 0

#25
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,650 posts
Thanks rose86420,

I'll review with my Teacher.

Joe
  • 0


#26
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,650 posts
Sorry for the delay, rose; I will post instructions soon. Easter was busy...
  • 0

#27
rose86420

rose86420

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
No problem, I've got my own things going on so I'm glad for the delay.
Rose
  • 0

#28
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,650 posts
Hi rose,

There are some minor things in your online scan that should be removed.

delete files

  • Copy all text in the quote box (below)...to Notepad.

    @echo off
    rem All three items ESET flagged are files, not folders, so they need "del" rather than "rd"
    del /f /q "C:\Users\Rose\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\26f72c70-5d6bfa10"
    del /f /q "C:\Users\Rose\Downloads\FoxitReader545.0124_enu_Setup.exe"
    del /f /q "C:\Users\Rose\Downloads\PDFViewer_Installer.exe.part"
    del %0
  • Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"
    It should look like this: (screenshots of the Save As dialog for XP and Vista omitted)
  • Double click on delfile.bat to execute it.
    A black CMD window will flash, then disappear...this is normal.
  • The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.

Next

Let's remove some old versions of Java from your machine. Please navigate to your Programs and Features list; old versions of Java can be an infection risk.

Click Start > Control Panel > Programs and Features. In the list of programs, please remove these items:

  • Java™ 6 Update 22
  • Java™ 6 Update 23
  • Java™ 6 Update 39
  • Java 7 Update 15
  • JavaFX 2.1.1

Next

You can update your Java from Here

Let me know when you have completed that, and tell me how the computer is running.
  • 0
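The ESET Online Scanner logs rose86420 pasted earlier in this thread and the delete-file step in this post can be tied together. The Python below is an added example, not code from the thread, from ESET or from Geeks to Go: it parses both log formats seen above (the positional version=7 lines and the key=value version=8 lines) and deletes a flagged file only when its current SHA-1 still equals the hash the scanner recorded, so a path that has been reused or rewritten since the scan is not removed blindly. It assumes the 40-hex sh= field is the file's SHA-1 (the old format logs only a zeroed 32-hex value, which the script treats as "no hash"). SAMPLE_LOG is abridged from the logs above, and the files demo() creates in a temp directory are constructed.

```python
# Added example: parse ESET Online Scanner logs (positional version=7 lines and
# key=value version=8 lines) and delete a flagged file only if its SHA-1 still
# matches the hash the scanner recorded.
import hashlib
import os
import re
import tempfile
from dataclasses import dataclass
from typing import List, Optional

# Old finding: <path> <threat name> (<action>) <32 hex> <status>. Pasted logs lose the
# tab after the path, so the split relies on ESET threat names containing a forward
# slash (Win32/...) while Windows paths never do.
_OLD_LINE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<name>(?:probably )?(?:a variant of )?\S*/\S*.*?)"
    r"\s+\((?P<action>[^()]+)\)\s+(?P<hash>[0-9A-Fa-f]{32})\s+(?P<status>[A-Z])$")
# New finding: sh=<sha1> ft=.. fh=.. vn="<name>" ac=<I|C> fn="<path>"
_KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


@dataclass
class Finding:
    path: str
    name: str
    action: str
    cleaned: bool
    sha1: Optional[str]  # assumption: sh= is the file's SHA-1; the old format logs none


def parse_eset_log(text: str) -> List[Finding]:
    """Findings from a pasted log; '#' header and prologue lines match neither pattern."""
    findings: List[Finding] = []
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("sh="):
            kv = {k: q or u for k, q, u in _KV.findall(line)}
            findings.append(Finding(kv["fn"], kv["vn"], kv.get("ac", ""),
                                    kv.get("ac") == "C", kv["sh"].lower()))
        else:
            m = _OLD_LINE.match(line)
            if m:
                findings.append(Finding(m["path"], m["name"], m["action"],
                                        m["status"] == "C", None))
    return findings


def sha1_of(path: str) -> str:
    h = hashlib.sha1()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def delete_if_hash_matches(finding: Finding) -> str:
    """Returns 'deleted', 'missing', 'no hash' or 'hash mismatch'; removes only on a match."""
    if not os.path.isfile(finding.path):
        return "missing"
    if not finding.sha1:
        return "no hash"  # old-format logs: review by hand rather than delete blindly
    if sha1_of(finding.path) != finding.sha1:
        return "hash mismatch"  # path reused or file changed since the scan
    os.remove(finding.path)
    return "deleted"


def demo() -> dict:
    """End-to-end run on constructed files in a temp directory, not the thread's files."""
    d = tempfile.mkdtemp()
    stale, reused = os.path.join(d, "winimg.exe"), os.path.join(d, "reused.exe")
    for p in (stale, reused):
        with open(p, "wb") as f:
            f.write(b"MZ constructed harmless sample")
    log = "# version=8\n" + "".join(
        'sh=%s ft=1 fh=0 vn="a variant of Win32/Constructed.Test trojan" ac=I fn="%s"\n'
        % (sha1_of(p), p) for p in (stale, reused))
    with open(reused, "wb") as f:  # overwritten after the "scan", so its hash differs
        f.write(b"replaced after the scan")
    results = {os.path.basename(fd.path): delete_if_hash_matches(fd)
               for fd in parse_eset_log(log)}
    results["no_hash"] = delete_if_hash_matches(Finding(reused, "x", "unable to clean", False, None))
    results["reused_still_exists"] = os.path.exists(reused)
    os.remove(reused); os.rmdir(d)
    return results


# Constructed sample, abridged from the logs pasted earlier in this thread.
SAMPLE_LOG = r"""ESETSmartInstaller@High as downloader log:
all ok
# version=7
C:\Users\Rose\Downloads\winimg(2).exe a variant of Win32/VB.PKV trojan (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\01162011_123128\C_Windows Restore\20110115\20110115.exe a variant of Win32/VB.PKV trojan (unable to clean) 00000000000000000000000000000000 I
# version=8
sh=9C01EB33A7EBDA1219A44A7CC7387DD5BD1AEB7A ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.CVE-2011-3544.AX trojan" ac=I fn="C:\Users\Rose\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\26f72c70-5d6bfa10"
"""
```

The batch file in this post deletes by path alone, which is fine for a helper walking a user through cleanup; the hash check is the extra step to take before deleting anything a scanner reported but could not clean, because the path may since hold a different file. Old-format findings carry no usable hash, so the script declines to delete them and leaves that decision to a person.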

#29
rose86420

rose86420

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
I removed all that I could find, but I do not have Java 7 Update 15. I do have a Java 7 Update 17. Do I remove that one?
  • 0

#30
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,650 posts
Hi rose86420,

Yes, you may keep that version of Java; it's the latest version.

Also, rose, since the topic of Java has come up, I'd like you to take the time to read This

How is your computer running now?
  • 0





