Geeks To Go forum
Startup .exe files and Bandwidth issues [Closed]


#1 Steric (Member, 47 posts)
I've recently started looking into monitoring bandwidth usage because I'm on a limited usage plan and was going over my limits. Something didn't feel right about it.

There are two computers in the home: one desktop, one laptop. I installed NetLimiter on the laptop and have just installed it on the desktop tonight (so no data there yet). My ISP tells me that I used 2.2 GB down today, and the laptop shows a little over 500 megs down for the day. That said, the laptop was used to watch some shows on Netflix along with regular internet browsing, while the desktop was used only for basic browsing purposes... so how it managed to rack up 1.5 GB down (for the amount of time it was actually used today) is beyond me.

**Edit** Running NetLimiter on the desktop showed me the following... In 10 minutes, with no programs running (other than NetLimiter), no internet browser, no nothing, I had 30 Mb down and 9 up ***

When I use msconfig from the command prompt to get to my startup files, there is a long list of YUR*.exe files that, when I attempt to disable them, automatically re-enable themselves when I click Apply. They look awfully fishy to me.

Any help sorting this out would be appreciated, thanks.
Here's the OTL log:

OTL logfile created on: 2013-04-08 14:57:36 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Melanie\Downloads
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000C0C | Country: Canada | Language: FRC | Date Format: yyyy-MM-dd

3,24 Gb Total Physical Memory | 2,01 Gb Available Physical Memory | 62,17% Memory free
4,72 Gb Paging File | 3,56 Gb Available in Paging File | 75,42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138,96 Gb Total Space | 3,59 Gb Free Space | 2,59% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 6,58 Gb Free Space | 65,84% Space Free | Partition Type: NTFS

Computer Name: MELANIE-PC | User Name: Melanie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013-04-08 14:57:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Melanie\Downloads\OTL.exe
PRC - [2013-04-03 21:39:23 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013-01-29 10:01:02 | 000,147,533 | ---- | M] (Microsoft Corporation) -- C:\Users\Melanie\AppData\Local\{65382B45-7ADE-488A-36A8-32F7161ADBA6}\syshost.exe
PRC - [2013-01-13 12:47:14 | 001,808,392 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
PRC - [2012-12-18 10:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010-03-18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009-12-16 16:44:36 | 003,750,400 | ---- | M] (SafeNet Inc.) -- C:\Windows\System32\hasplms.exe
PRC - [2009-11-13 11:28:04 | 000,110,592 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2009-06-16 08:58:08 | 000,020,480 | ---- | M] (Memeo) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
PRC - [2008-10-29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008-01-19 03:33:04 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2007-05-17 17:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe


========== Modules (No Company Name) ==========

MOD - [2013-04-03 21:39:23 | 003,143,576 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013-01-13 12:47:14 | 014,586,888 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_5_502_146.dll
MOD - [2007-09-25 07:10:48 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll


========== Services (SafeList) ==========

SRV - [2013-04-03 21:39:23 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013-02-05 11:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2012-12-18 10:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012-07-13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010-03-18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009-12-16 16:44:36 | 003,750,400 | ---- | M] (SafeNet Inc.) [Auto | Running] -- C:\Windows\System32\hasplms.exe -- (hasplms)
SRV - [2009-11-13 11:28:04 | 000,110,592 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2009-06-16 08:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
SRV - [2008-04-22 09:25:02 | 000,163,840 | ---- | M] (Rogers Cable Communications) [Disabled | Stopped] -- C:\Program Files\Rogers\Update Manager\RogersUpdateManager.exe -- (RogersUpdateManager)
SRV - [2007-05-17 17:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\Capt9052.sys -- (SQTECH9052)
DRV - File not found [Kernel | Auto | Stopped] -- system32\DRIVERS\rp_skt32.sys -- (RPSKT)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2009-12-09 21:27:18 | 000,588,800 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (hardlock)
DRV - [2009-08-20 07:01:50 | 000,356,864 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aksfridge.sys -- (aksfridge)
DRV - [2009-02-24 19:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2009-01-09 19:52:02 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2008-05-06 16:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2007-05-03 12:21:08 | 000,029,056 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Capt905c.sys -- (SQTECH905C)
DRV - [2007-04-29 04:42:24 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2007-04-10 17:46:53 | 001,966,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VX1000.sys -- (VX1000)
DRV - [2006-11-02 03:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006-10-13 23:04:33 | 004,422,560 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...ie7&rlz=1I7DACA

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.ca...=ca&ibd=0080416
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.tattoodle...758B49499}&v=12
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKCU\..\SearchScopes\{19F2B849-4ADE-4d4b-85F9-C31C643DBDE9}: "URL" = http://www.fastbrows...8-229758B49499}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...z=1I7GGIE_en-GB
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Fast Browser Search"
FF - prefs.js..browser.search.defaulturl: "http://www.fastbrows...?s=DEF&v=18&q="
FF - prefs.js..browser.search.order.1: "Fast Browser Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..keyword.URL: "http://www.fastbrows...363173148A}&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.0: C:\Users\Melanie\AppData\Roaming\Facebook\npfbplugin_1_0_0.dll ( )
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Melanie\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}: C:\Program Files\ArcSoft\Video Downloader\Plugin_FireFox [2011-07-27 23:41:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013-04-03 21:39:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013-04-08 12:45:46 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013-04-03 21:39:23 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013-04-08 12:45:46 | 000,000,000 | ---D | M]

[2009-07-24 18:22:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Melanie\AppData\Roaming\Mozilla\Extensions
[2013-03-28 06:19:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\309tdlpy.default\extensions
[2013-03-28 06:19:06 | 000,000,000 | ---D | M] (cacaoweb) -- C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\309tdlpy.default\extensions\cacaoweb@cacaoweb.org
[2012-02-02 08:31:02 | 000,020,591 | ---- | M] () (No name found) -- C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\309tdlpy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2010-11-30 21:06:18 | 000,010,078 | ---- | M] () -- C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\309tdlpy.default\searchplugins\MyFunCardsbar.xml
[2013-04-03 21:39:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013-04-03 21:39:23 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010-11-12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2013-01-12 09:59:58 | 000,001,609 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
[2012-10-24 14:54:26 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012-12-05 00:46:04 | 000,002,035 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
[2013-02-20 10:05:07 | 000,001,472 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
[2009-08-27 00:59:25 | 000,003,700 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fast.png
[2009-08-27 00:59:25 | 000,001,963 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fast.xml
[2013-01-12 09:59:58 | 000,001,399 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
[2012-12-05 00:46:04 | 000,001,169 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

========== Chrome ==========

CHR - default_search_provider: Fast Browser Search (Enabled)
CHR - default_search_provider: search_url = http://www.fastbrows...9-D4363173148A}
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Melanie\AppData\Local\Google\Chrome\Application\14.0.835.202\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U23 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Web Player\npdivx32.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Melanie\AppData\Local\Google\Chrome\Application\14.0.835.202\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Melanie\AppData\Local\Google\Chrome\Application\14.0.835.202\pdf.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Melanie\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Melanie\AppData\Roaming\Facebook\npfbplugin_1_0_0.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Melanie\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2006-09-18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (IEPlugin Class) - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\Program Files\ArcSoft\Video Downloader\ArcURLRecord.dll (ArcSoft, Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O4 - HKLM..\Run: [MSConfig] C:\Windows\System32\msconfig.exe (Microsoft Corporation)
O4 - HKCU..\Run: [\YUR1EE5.exe] C:\Windows\system32\YUR1EE5.exe File not found
O4 - HKCU..\Run: [\YUR254B.exe] C:\Windows\system32\YUR254B.exe File not found
O4 - HKCU..\Run: [\YUR26B2.exe] C:\Windows\system32\YUR26B2.exe File not found
O4 - HKCU..\Run: [\YUR39C4.exe] C:\Windows\system32\YUR39C4.exe File not found
O4 - HKCU..\Run: [\YUR4AA6.exe] C:\Windows\system32\YUR4AA6.exe File not found
O4 - HKCU..\Run: [\YUR64AB.exe] C:\Windows\system32\YUR64AB.exe File not found
O4 - HKCU..\Run: [\YUR6576.exe] C:\Windows\system32\YUR6576.exe File not found
O4 - HKCU..\Run: [\YUR667F.exe] C:\Windows\system32\YUR667F.exe File not found
O4 - HKCU..\Run: [\YUR674A.exe] C:\Windows\system32\YUR674A.exe File not found
O4 - HKCU..\Run: [\YUR6769.exe] C:\Windows\system32\YUR6769.exe File not found
O4 - HKCU..\Run: [\YUR6778.exe] C:\Windows\system32\YUR6778.exe File not found
O4 - HKCU..\Run: [\YUR6834.exe] C:\Windows\system32\YUR6834.exe File not found
O4 - HKCU..\Run: [\YUR68DF.exe] C:\Windows\system32\YUR68DF.exe File not found
O4 - HKCU..\Run: [\YUR69BA.exe] C:\Windows\system32\YUR69BA.exe File not found
O4 - HKCU..\Run: [\YUR6A17.exe] C:\Windows\system32\YUR6A17.exe File not found
O4 - HKCU..\Run: [\YUR6A27.exe] C:\Windows\system32\YUR6A27.exe File not found
O4 - HKCU..\Run: [\YUR6A36.exe] C:\Windows\system32\YUR6A36.exe File not found
O4 - HKCU..\Run: [\YUR6B5F.exe] C:\Windows\system32\YUR6B5F.exe File not found
O4 - HKCU..\Run: [\YUR6B9D.exe] C:\Windows\system32\YUR6B9D.exe File not found
O4 - HKCU..\Run: [\YUR6CB6.exe] C:\Windows\system32\YUR6CB6.exe File not found
O4 - HKCU..\Run: [\YUR6CF4.exe] C:\Windows\system32\YUR6CF4.exe File not found
O4 - HKCU..\Run: [\YUR6D52.exe] C:\Windows\system32\YUR6D52.exe File not found
O4 - HKCU..\Run: [\YUR6D81.exe] C:\Windows\system32\YUR6D81.exe File not found
O4 - HKCU..\Run: [\YUR6EB9.exe] C:\Windows\system32\YUR6EB9.exe File not found
O4 - HKCU..\Run: [\YUR6F64.exe] C:\Windows\system32\YUR6F64.exe File not found
O4 - HKCU..\Run: [\YUR6FA3.exe] C:\Windows\system32\YUR6FA3.exe File not found
O4 - HKCU..\Run: [\YUR7010.exe] C:\Windows\system32\YUR7010.exe File not found
O4 - HKCU..\Run: [\YUR7222.exe] C:\Windows\system32\YUR7222.exe File not found
O4 - HKCU..\Run: [\YUR7242.exe] C:\Windows\system32\YUR7242.exe File not found
O4 - HKCU..\Run: [\YUR74F0.exe] C:\Windows\system32\YUR74F0.exe File not found
O4 - HKCU..\Run: [\YUR7686.exe] C:\Windows\system32\YUR7686.exe File not found
O4 - HKCU..\Run: [\YUR7879.exe] C:\Windows\system32\YUR7879.exe File not found
O4 - HKCU..\Run: [\YUR7AF9.exe] C:\Windows\system32\YUR7AF9.exe File not found
O4 - HKCU..\Run: [\YUR7C.exe] C:\Windows\system32\YUR7C.exe File not found
O4 - HKCU..\Run: [\YUR7DE5.exe] C:\Windows\system32\YUR7DE5.exe File not found
O4 - HKCU..\Run: [\YUR8719.exe] C:\Windows\system32\YUR8719.exe File not found
O4 - HKCU..\Run: [\YUR8748.exe] C:\Windows\system32\YUR8748.exe File not found
O4 - HKCU..\Run: [\YUR89D7.exe] C:\Windows\system32\YUR89D7.exe File not found
O4 - HKCU..\Run: [\YUR8C18.exe] C:\Windows\system32\YUR8C18.exe File not found
O4 - HKCU..\Run: [\YUR8D21.exe] C:\Windows\system32\YUR8D21.exe File not found
O4 - HKCU..\Run: [\YURA227.exe] C:\Windows\system32\YURA227.exe File not found
O4 - HKCU..\Run: [\YURA311.exe] C:\Windows\system32\YURA311.exe File not found
O4 - HKCU..\Run: [\YURAB4B.exe] C:\Windows\system32\YURAB4B.exe File not found
O4 - HKCU..\Run: [\YURB98E.exe] C:\Windows\system32\YURB98E.exe File not found
O4 - HKCU..\Run: [\YURBAC6.exe] C:\Windows\system32\YURBAC6.exe File not found
O4 - HKCU..\Run: [\YURC245.exe] C:\Windows\system32\YURC245.exe File not found
O4 - HKCU..\Run: [\YURC3CB.exe] C:\Windows\system32\YURC3CB.exe File not found
O4 - HKCU..\Run: [\YURC908.exe] C:\Windows\system32\YURC908.exe File not found
O4 - HKCU..\Run: [\YURD29.exe] C:\Windows\system32\YURD29.exe File not found
O4 - HKCU..\Run: [\YURD4FA.exe] C:\Windows\system32\YURD4FA.exe File not found
O4 - HKCU..\Run: [\YURF1AE.exe] C:\Windows\system32\YURF1AE.exe File not found
O4 - HKCU..\Run: [\YURFF7.exe] C:\Windows\system32\YURFF7.exe File not found
O4 - HKCU..\Run: [cacaoweb] C:\Users\Melanie\AppData\Roaming\cacaoweb\cacaoweb.exe ()
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9AFCFC1F-1F9A-4D01-AF49-16A24E5168C8}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Fond d'écran.bmp
O24 - Desktop BackupWallPaper: C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Fond d'écran.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006-09-18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{7c650b66-cfcc-11df-8928-001d0994f0cd}\Shell - "" = AutoRun
O33 - MountPoints2\{7c650b66-cfcc-11df-8928-001d0994f0cd}\Shell\AutoRun\command - "" = "I:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{7c650dc8-cfcc-11df-8928-001d0994f0cd}\Shell - "" = AutoRun
O33 - MountPoints2\{7c650dc8-cfcc-11df-8928-001d0994f0cd}\Shell\AutoRun\command - "" = "I:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013-04-03 21:39:14 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013-03-29 07:41:13 | 000,000,000 | ---D | C] -- C:\Users\Melanie\Documents\UDO
[2013-03-27 08:09:58 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Roaming\cacaoweb
[5 C:\Users\Melanie\Desktop\*.tmp files -> C:\Users\Melanie\Desktop\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013-04-08 14:48:36 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013-04-08 14:48:36 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013-04-08 14:43:05 | 000,450,560 | ---- | M] () -- C:\Users\Melanie\Desktop\cacaoweb.exe
[2013-04-08 14:41:29 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013-04-08 14:41:29 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013-04-08 14:41:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013-04-07 15:17:34 | 000,157,822 | ---- | M] () -- C:\Users\Melanie\Desktop\625659_488774257848586_627026482_n.jpg
[2013-04-07 13:27:02 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2013-04-06 09:46:48 | 000,100,791 | ---- | M] () -- C:\Users\Melanie\Desktop\320061_10151452132799079_1640871406_n.jpg
[2013-04-04 09:59:32 | 000,146,944 | ---- | M] () -- C:\Users\Melanie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013-04-01 22:03:09 | 000,018,362 | ---- | M] () -- C:\Users\Melanie\AppData\Roaming\wklnhst.dat
[2013-03-29 22:59:27 | 000,322,560 | ---- | M] () -- C:\Users\Melanie\Documents\PAP 3745.wps
[2013-03-24 18:14:28 | 000,002,659 | ---- | M] () -- C:\Users\Melanie\Application Data\Microsoft\Internet Explorer\Quick Launch\Jasc Paint Shop Pro 9.lnk
[2013-03-10 03:47:17 | 000,057,624 | ---- | M] () -- C:\img2-001.raw
[5 C:\Users\Melanie\Desktop\*.tmp files -> C:\Users\Melanie\Desktop\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013-04-07 15:17:30 | 000,157,822 | ---- | C] () -- C:\Users\Melanie\Desktop\625659_488774257848586_627026482_n.jpg
[2013-04-06 09:46:47 | 000,100,791 | ---- | C] () -- C:\Users\Melanie\Desktop\320061_10151452132799079_1640871406_n.jpg
[2013-03-29 22:59:24 | 000,322,560 | ---- | C] () -- C:\Users\Melanie\Documents\PAP 3745.wps
[2013-03-27 08:09:58 | 000,450,560 | ---- | C] () -- C:\Users\Melanie\Desktop\cacaoweb.exe
[2012-06-19 09:56:55 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2011-03-29 22:33:28 | 000,000,000 | ---- | C] () -- C:\Users\Melanie\AppData\Roaming\45556xx.ini
[2011-02-07 10:55:12 | 000,028,725 | ---- | C] () -- C:\Users\Melanie\68202_465810001244_534621244_6199101_5019794_n.jpg
[2011-02-02 20:27:18 | 000,129,721 | ---- | C] () -- C:\Users\Melanie\whitestripes.jpg
[2010-08-03 17:46:48 | 001,419,388 | ---- | C] () -- C:\Users\Melanie\dessin ophelie19.pspimage
[2010-08-03 14:18:09 | 001,711,512 | ---- | C] () -- C:\Users\Melanie\dessin ophelie18.pspimage
[2010-08-03 12:12:58 | 000,974,000 | ---- | C] () -- C:\Users\Melanie\desin ophelie17.pspimage
[2010-07-31 18:49:24 | 002,205,064 | ---- | C] () -- C:\ProgramData\shs_setup_4059-354328.exe
[2010-03-14 10:49:08 | 000,004,096 | -H-- | C] () -- C:\Users\Melanie\AppData\Local\keyfile3.drm
[2010-02-17 10:22:26 | 000,000,036 | ---- | C] () -- C:\Users\Melanie\AppData\Local\housecall.guid.cache
[2009-12-11 23:26:16 | 000,057,344 | ---- | C] () -- C:\Users\Melanie\lametritonus.dll
[2009-12-11 23:26:14 | 000,162,304 | ---- | C] () -- C:\Users\Melanie\lame_enc.dll
[2009-11-21 20:13:27 | 000,053,248 | ---- | C] () -- C:\Users\Melanie\lametritonus_en.dll
[2009-11-21 20:13:25 | 000,162,304 | ---- | C] () -- C:\Users\Melanie\lame_enc_en.dll
[2009-09-25 20:34:25 | 001,369,795 | R--- | C] () -- C:\Users\Melanie\parc2.jpg
[2009-09-25 20:33:28 | 001,528,063 | R--- | C] () -- C:\Users\Melanie\parc 2.jpg
[2009-06-14 06:20:28 | 001,900,184 | ---- | C] () -- C:\ProgramData\shs_setup_4056-345359.exe
[2008-08-23 03:29:55 | 000,352,632 | ---- | C] () -- C:\Users\Melanie\plage1.zip
[2008-08-13 19:59:23 | 000,000,653 | ---- | C] () -- C:\ProgramData\SHSupdates.xml
[2008-06-18 07:04:04 | 000,006,568 | ---- | C] () -- C:\Users\Melanie\AppData\Local\d3d9caps.dat
[2008-04-27 09:32:47 | 000,018,362 | ---- | C] () -- C:\Users\Melanie\AppData\Roaming\wklnhst.dat
[2008-04-26 18:07:35 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2008-04-25 15:47:25 | 000,146,944 | ---- | C] () -- C:\Users\Melanie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006-11-02 08:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"ThreadingModel" = Both
"" = C:\$Recycle.Bin\S-1-5-21-1748892989-3932484505-3810695109-1000\$f441d169adca197fd375d8639656ddea\n. -- File not found

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011-01-21 11:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009-03-03 00:36:24 | 000,615,424 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008-01-19 03:36:49 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011-09-07 08:38:29 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\.minecraft
[2009-12-13 14:11:29 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\Ambient Design
[2013-02-07 00:41:14 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\BitTorrent
[2013-04-08 10:29:43 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\cacaoweb
[2011-09-09 13:05:05 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\Dev-Cpp
[2010-08-25 19:40:00 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\Epson
[2010-03-13 09:52:54 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\Facebook
[2009-11-22 22:49:49 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\LimeWire
[2008-04-28 19:05:52 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\ooVoo Details
[2009-03-19 15:38:43 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\OpenOffice.org
[2011-09-21 10:51:53 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\Rogers Online Protection
[2008-04-27 14:53:58 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\Template
[2010-10-08 21:02:54 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\Western Digital

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\Melanie\Documents\holiday season2009 034.MPG:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Melanie\Documents\holiday season2009 033.MPG:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Melanie\Desktop\Wall-E.mp4:TOC.WMV

< End of report >

Edited by Steric, 27 April 2013 - 10:20 PM.

#2 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
Hello Steric and welcome to my office here at G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start please read my notes carefully:

NOTES:
  • Malware removal is NOT instantaneous; most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean.
  • Kindly follow my instructions in the order posted. Order is crucial in the cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste it to include the log in your reply.
  • You must reply within 3 days or your topic will be closed

Step 1

NOTE: This fix is custom made for this system only and for current system state! Don't try to run it on another system!

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    PRC - [2013-01-29 10:01:02 | 000,147,533 | ---- | M] (Microsoft Corporation) -- C:\Users\Melanie\AppData\Local\{65382B45-7ADE-488A-36A8-32F7161ADBA6}\syshost.exe
    O4 - HKCU..\Run: [\YUR1EE5.exe] C:\Windows\system32\YUR1EE5.exe File not found
    O4 - HKCU..\Run: [\YUR254B.exe] C:\Windows\system32\YUR254B.exe File not found
    O4 - HKCU..\Run: [\YUR26B2.exe] C:\Windows\system32\YUR26B2.exe File not found
    O4 - HKCU..\Run: [\YUR39C4.exe] C:\Windows\system32\YUR39C4.exe File not found
    O4 - HKCU..\Run: [\YUR4AA6.exe] C:\Windows\system32\YUR4AA6.exe File not found
    O4 - HKCU..\Run: [\YUR64AB.exe] C:\Windows\system32\YUR64AB.exe File not found
    O4 - HKCU..\Run: [\YUR6576.exe] C:\Windows\system32\YUR6576.exe File not found
    O4 - HKCU..\Run: [\YUR667F.exe] C:\Windows\system32\YUR667F.exe File not found
    O4 - HKCU..\Run: [\YUR674A.exe] C:\Windows\system32\YUR674A.exe File not found
    O4 - HKCU..\Run: [\YUR6769.exe] C:\Windows\system32\YUR6769.exe File not found
    O4 - HKCU..\Run: [\YUR6778.exe] C:\Windows\system32\YUR6778.exe File not found
    O4 - HKCU..\Run: [\YUR6834.exe] C:\Windows\system32\YUR6834.exe File not found
    O4 - HKCU..\Run: [\YUR68DF.exe] C:\Windows\system32\YUR68DF.exe File not found
    O4 - HKCU..\Run: [\YUR69BA.exe] C:\Windows\system32\YUR69BA.exe File not found
    O4 - HKCU..\Run: [\YUR6A17.exe] C:\Windows\system32\YUR6A17.exe File not found
    O4 - HKCU..\Run: [\YUR6A27.exe] C:\Windows\system32\YUR6A27.exe File not found
    O4 - HKCU..\Run: [\YUR6A36.exe] C:\Windows\system32\YUR6A36.exe File not found
    O4 - HKCU..\Run: [\YUR6B5F.exe] C:\Windows\system32\YUR6B5F.exe File not found
    O4 - HKCU..\Run: [\YUR6B9D.exe] C:\Windows\system32\YUR6B9D.exe File not found
    O4 - HKCU..\Run: [\YUR6CB6.exe] C:\Windows\system32\YUR6CB6.exe File not found
    O4 - HKCU..\Run: [\YUR6CF4.exe] C:\Windows\system32\YUR6CF4.exe File not found
    O4 - HKCU..\Run: [\YUR6D52.exe] C:\Windows\system32\YUR6D52.exe File not found
    O4 - HKCU..\Run: [\YUR6D81.exe] C:\Windows\system32\YUR6D81.exe File not found
    O4 - HKCU..\Run: [\YUR6EB9.exe] C:\Windows\system32\YUR6EB9.exe File not found
    O4 - HKCU..\Run: [\YUR6F64.exe] C:\Windows\system32\YUR6F64.exe File not found
    O4 - HKCU..\Run: [\YUR6FA3.exe] C:\Windows\system32\YUR6FA3.exe File not found
    O4 - HKCU..\Run: [\YUR7010.exe] C:\Windows\system32\YUR7010.exe File not found
    O4 - HKCU..\Run: [\YUR7222.exe] C:\Windows\system32\YUR7222.exe File not found
    O4 - HKCU..\Run: [\YUR7242.exe] C:\Windows\system32\YUR7242.exe File not found
    O4 - HKCU..\Run: [\YUR74F0.exe] C:\Windows\system32\YUR74F0.exe File not found
    O4 - HKCU..\Run: [\YUR7686.exe] C:\Windows\system32\YUR7686.exe File not found
    O4 - HKCU..\Run: [\YUR7879.exe] C:\Windows\system32\YUR7879.exe File not found
    O4 - HKCU..\Run: [\YUR7AF9.exe] C:\Windows\system32\YUR7AF9.exe File not found
    O4 - HKCU..\Run: [\YUR7C.exe] C:\Windows\system32\YUR7C.exe File not found
    O4 - HKCU..\Run: [\YUR7DE5.exe] C:\Windows\system32\YUR7DE5.exe File not found
    O4 - HKCU..\Run: [\YUR8719.exe] C:\Windows\system32\YUR8719.exe File not found
    O4 - HKCU..\Run: [\YUR8748.exe] C:\Windows\system32\YUR8748.exe File not found
    O4 - HKCU..\Run: [\YUR89D7.exe] C:\Windows\system32\YUR89D7.exe File not found
    O4 - HKCU..\Run: [\YUR8C18.exe] C:\Windows\system32\YUR8C18.exe File not found
    O4 - HKCU..\Run: [\YUR8D21.exe] C:\Windows\system32\YUR8D21.exe File not found
    O4 - HKCU..\Run: [\YURA227.exe] C:\Windows\system32\YURA227.exe File not found
    O4 - HKCU..\Run: [\YURA311.exe] C:\Windows\system32\YURA311.exe File not found
    O4 - HKCU..\Run: [\YURAB4B.exe] C:\Windows\system32\YURAB4B.exe File not found
    O4 - HKCU..\Run: [\YURB98E.exe] C:\Windows\system32\YURB98E.exe File not found
    O4 - HKCU..\Run: [\YURBAC6.exe] C:\Windows\system32\YURBAC6.exe File not found
    O4 - HKCU..\Run: [\YURC245.exe] C:\Windows\system32\YURC245.exe File not found
    O4 - HKCU..\Run: [\YURC3CB.exe] C:\Windows\system32\YURC3CB.exe File not found
    O4 - HKCU..\Run: [\YURC908.exe] C:\Windows\system32\YURC908.exe File not found
    O4 - HKCU..\Run: [\YURD29.exe] C:\Windows\system32\YURD29.exe File not found
    O4 - HKCU..\Run: [\YURD4FA.exe] C:\Windows\system32\YURD4FA.exe File not found
    O4 - HKCU..\Run: [\YURF1AE.exe] C:\Windows\system32\YURF1AE.exe File not found
    O4 - HKCU..\Run: [\YURFF7.exe] C:\Windows\system32\YURFF7.exe File not found
    O4 - HKCU..\Run: [cacaoweb] C:\Users\Melanie\AppData\Roaming\cacaoweb\cacaoweb.exe ()
    [2013-03-27 08:09:58 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Roaming\cacaoweb
    [2013-04-08 14:43:05 | 000,450,560 | ---- | M] () -- C:\Users\Melanie\Desktop\cacaoweb.exe
    [2013-04-08 10:29:43 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\cacaoweb

    :Files
    C:\Users\Melanie\AppData\Local\{65382B45-7ADE-488A-36A8-32F7161ADBA6}
    ipconfig /flushdns /c

    :Commands
    [purity]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, and reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles



Step 2

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 3

Please don't forget to include these items in your reply:

  • OTL fix log
  • Malwarebytes log
It would be helpful if you could post each log in a separate post using the "Add Reply" button.

#3 Steric (Topic Starter, Member, 47 posts)
Thank you for the response.

OTL appears to crash/hang (Not Responding) when it reaches the emptytemp command

#4 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
OK. Let's change Step 1 and try it without emptytemp for now.

Step 1

NOTE: This fix is custom made for this system only and for current system state! Don't try to run it on another system!

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    PRC - [2013-01-29 10:01:02 | 000,147,533 | ---- | M] (Microsoft Corporation) -- C:\Users\Melanie\AppData\Local\{65382B45-7ADE-488A-36A8-32F7161ADBA6}\syshost.exe
    O4 - HKCU..\Run: [\YUR1EE5.exe] C:\Windows\system32\YUR1EE5.exe File not found
    O4 - HKCU..\Run: [\YUR254B.exe] C:\Windows\system32\YUR254B.exe File not found
    O4 - HKCU..\Run: [\YUR26B2.exe] C:\Windows\system32\YUR26B2.exe File not found
    O4 - HKCU..\Run: [\YUR39C4.exe] C:\Windows\system32\YUR39C4.exe File not found
    O4 - HKCU..\Run: [\YUR4AA6.exe] C:\Windows\system32\YUR4AA6.exe File not found
    O4 - HKCU..\Run: [\YUR64AB.exe] C:\Windows\system32\YUR64AB.exe File not found
    O4 - HKCU..\Run: [\YUR6576.exe] C:\Windows\system32\YUR6576.exe File not found
    O4 - HKCU..\Run: [\YUR667F.exe] C:\Windows\system32\YUR667F.exe File not found
    O4 - HKCU..\Run: [\YUR674A.exe] C:\Windows\system32\YUR674A.exe File not found
    O4 - HKCU..\Run: [\YUR6769.exe] C:\Windows\system32\YUR6769.exe File not found
    O4 - HKCU..\Run: [\YUR6778.exe] C:\Windows\system32\YUR6778.exe File not found
    O4 - HKCU..\Run: [\YUR6834.exe] C:\Windows\system32\YUR6834.exe File not found
    O4 - HKCU..\Run: [\YUR68DF.exe] C:\Windows\system32\YUR68DF.exe File not found
    O4 - HKCU..\Run: [\YUR69BA.exe] C:\Windows\system32\YUR69BA.exe File not found
    O4 - HKCU..\Run: [\YUR6A17.exe] C:\Windows\system32\YUR6A17.exe File not found
    O4 - HKCU..\Run: [\YUR6A27.exe] C:\Windows\system32\YUR6A27.exe File not found
    O4 - HKCU..\Run: [\YUR6A36.exe] C:\Windows\system32\YUR6A36.exe File not found
    O4 - HKCU..\Run: [\YUR6B5F.exe] C:\Windows\system32\YUR6B5F.exe File not found
    O4 - HKCU..\Run: [\YUR6B9D.exe] C:\Windows\system32\YUR6B9D.exe File not found
    O4 - HKCU..\Run: [\YUR6CB6.exe] C:\Windows\system32\YUR6CB6.exe File not found
    O4 - HKCU..\Run: [\YUR6CF4.exe] C:\Windows\system32\YUR6CF4.exe File not found
    O4 - HKCU..\Run: [\YUR6D52.exe] C:\Windows\system32\YUR6D52.exe File not found
    O4 - HKCU..\Run: [\YUR6D81.exe] C:\Windows\system32\YUR6D81.exe File not found
    O4 - HKCU..\Run: [\YUR6EB9.exe] C:\Windows\system32\YUR6EB9.exe File not found
    O4 - HKCU..\Run: [\YUR6F64.exe] C:\Windows\system32\YUR6F64.exe File not found
    O4 - HKCU..\Run: [\YUR6FA3.exe] C:\Windows\system32\YUR6FA3.exe File not found
    O4 - HKCU..\Run: [\YUR7010.exe] C:\Windows\system32\YUR7010.exe File not found
    O4 - HKCU..\Run: [\YUR7222.exe] C:\Windows\system32\YUR7222.exe File not found
    O4 - HKCU..\Run: [\YUR7242.exe] C:\Windows\system32\YUR7242.exe File not found
    O4 - HKCU..\Run: [\YUR74F0.exe] C:\Windows\system32\YUR74F0.exe File not found
    O4 - HKCU..\Run: [\YUR7686.exe] C:\Windows\system32\YUR7686.exe File not found
    O4 - HKCU..\Run: [\YUR7879.exe] C:\Windows\system32\YUR7879.exe File not found
    O4 - HKCU..\Run: [\YUR7AF9.exe] C:\Windows\system32\YUR7AF9.exe File not found
    O4 - HKCU..\Run: [\YUR7C.exe] C:\Windows\system32\YUR7C.exe File not found
    O4 - HKCU..\Run: [\YUR7DE5.exe] C:\Windows\system32\YUR7DE5.exe File not found
    O4 - HKCU..\Run: [\YUR8719.exe] C:\Windows\system32\YUR8719.exe File not found
    O4 - HKCU..\Run: [\YUR8748.exe] C:\Windows\system32\YUR8748.exe File not found
    O4 - HKCU..\Run: [\YUR89D7.exe] C:\Windows\system32\YUR89D7.exe File not found
    O4 - HKCU..\Run: [\YUR8C18.exe] C:\Windows\system32\YUR8C18.exe File not found
    O4 - HKCU..\Run: [\YUR8D21.exe] C:\Windows\system32\YUR8D21.exe File not found
    O4 - HKCU..\Run: [\YURA227.exe] C:\Windows\system32\YURA227.exe File not found
    O4 - HKCU..\Run: [\YURA311.exe] C:\Windows\system32\YURA311.exe File not found
    O4 - HKCU..\Run: [\YURAB4B.exe] C:\Windows\system32\YURAB4B.exe File not found
    O4 - HKCU..\Run: [\YURB98E.exe] C:\Windows\system32\YURB98E.exe File not found
    O4 - HKCU..\Run: [\YURBAC6.exe] C:\Windows\system32\YURBAC6.exe File not found
    O4 - HKCU..\Run: [\YURC245.exe] C:\Windows\system32\YURC245.exe File not found
    O4 - HKCU..\Run: [\YURC3CB.exe] C:\Windows\system32\YURC3CB.exe File not found
    O4 - HKCU..\Run: [\YURC908.exe] C:\Windows\system32\YURC908.exe File not found
    O4 - HKCU..\Run: [\YURD29.exe] C:\Windows\system32\YURD29.exe File not found
    O4 - HKCU..\Run: [\YURD4FA.exe] C:\Windows\system32\YURD4FA.exe File not found
    O4 - HKCU..\Run: [\YURF1AE.exe] C:\Windows\system32\YURF1AE.exe File not found
    O4 - HKCU..\Run: [\YURFF7.exe] C:\Windows\system32\YURFF7.exe File not found
    O4 - HKCU..\Run: [cacaoweb] C:\Users\Melanie\AppData\Roaming\cacaoweb\cacaoweb.exe ()
    [2013-03-27 08:09:58 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Roaming\cacaoweb
    [2013-04-08 14:43:05 | 000,450,560 | ---- | M] () -- C:\Users\Melanie\Desktop\cacaoweb.exe
    [2013-04-08 10:29:43 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\cacaoweb

    :Files
    C:\Users\Melanie\AppData\Local\{65382B45-7ADE-488A-36A8-32F7161ADBA6}
    ipconfig /flushdns /c

    :Commands
    [purity]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, and reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles


#5 Steric (Topic Starter, Member, 47 posts)
Just an update to say I'm still working at this.
I can see why clearing out the temp internet files ahead of time with OTL would have been useful...
The Malware scan has been running forever...literally

Elapsed time: 28 hours 35 min (and counting)

It's still going through the temp internet files directory.

3 Objects detected up to this point.

I'll add to the initial problem description that I've noticed it also appears that hard drive space (and rather large chunks) seems to fill up/disappear randomly.

Will post the logs as you suggested when the scan is finally complete.

Thanks.

#6 Steric (Topic Starter, Member, 47 posts)
========== OTL ==========
No active process named syshost.exe was found!
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\\YUR1EE5.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\\YUR254B.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\\YUR26B2.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\\YUR39C4.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\\YUR4AA6.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\\YUR64AB.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\\YUR6576.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\\YUR667F.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\\YUR674A.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\\YUR6769.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\\YUR6778.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\\YUR6834.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\\YUR68DF.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\\YUR69BA.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\\YUR6A17.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\\YUR6A27.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\\YUR6A36.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\\YUR6B5F.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\\YUR6B9D.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\\YUR6CB6.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\\YUR6CF4.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\\YUR6D52.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\\YUR6D81.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\\YUR6EB9.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\\YUR6F64.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\\YUR6FA3.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\\YUR7010.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\\YUR7222.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\\YUR7242.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\\YUR74F0.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\\YUR7686.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\\YUR7879.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\\YUR7AF9.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\\YUR7C.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\\YUR7DE5.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\\YUR8719.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\\YUR8748.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\\YUR89D7.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\\YUR8C18.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\\YUR8D21.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\\YURA227.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\\YURA311.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\\YURAB4B.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\\YURB98E.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\\YURBAC6.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\\YURC245.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\\YURC3CB.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\\YURC908.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\\YURD29.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\\YURD4FA.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\\YURF1AE.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\\YURFF7.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\cacaoweb not found.
File C:\Users\Melanie\AppData\Roaming\cacaoweb\cacaoweb.exe not found.
Folder C:\Users\Melanie\AppData\Roaming\cacaoweb\ not found.
File C:\Users\Melanie\Desktop\cacaoweb.exe not found.
Folder C:\Users\Melanie\AppData\Roaming\cacaoweb\ not found.
========== FILES ==========
File\Folder C:\Users\Melanie\AppData\Local\{65382B45-7ADE-488A-36A8-32F7161ADBA6} not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Melanie\Downloads\cmd.bat deleted successfully.
C:\Users\Melanie\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.69.0 log created on 05032013_164915

#7 Steric (Topic Starter, Member, 47 posts)
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.05.03.08

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 7.0.6001.18000
Melanie :: MELANIE-PC [administrator]

Protection: Enabled

2013-05-03 17:11:29
mbam-log-2013-05-03 (17-11-29).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 2135611
Time elapsed: 1 day(s), 9 hour(s), 35 minute(s), 27 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\$Recycle.Bin\S-1-5-21-1748892989-3932484505-3810695109-1000\$f441d169adca197fd375d8639656ddea\n (Trojan.0Access) -> Delete on reboot.
C:\Users\Melanie\Local Settings\Temporary Internet Files\Content.IE5\0LZB1NCC\FBStoolbar[1].cab (PUP.Fbsearch) -> Quarantined and deleted successfully.
C:\Users\Melanie\Local Settings\Temporary Internet Files\Content.IE5\1GOOHIOV\XvidSetup[1].exe (Adware.HotBar) -> Quarantined and deleted successfully.

(end)
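
The two things the OTL log in post #1 turned up, a per-user CLSID whose InProcServer32 points into C:\$Recycle.Bin (the same path Malwarebytes later flagged as Trojan.0Access in post #7) and a long list of YUR*.exe Run values whose files do not exist, can be pulled out of a pasted OTL log mechanically rather than by eye. The Python below is an added example, not part of this thread or of OTL or Malwarebytes; the function names and the list of "trusted" DLL locations are my own choices, and the sample text is copied verbatim from the log above. It reports why each entry is suspicious instead of just listing it.

```python
"""Triage helpers for the two OTL findings in this thread.

Added example: not part of the thread, of OTL or of Malwarebytes. Both
functions take pasted OTL log text and return data, so they run offline.
The sample strings are copied from the log in post #1 of this topic.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Copied from the "ZeroAccess Check" section of the OTL log in post #1.
SAMPLE_ZEROACCESS = r"""
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"ThreadingModel" = Both
"" = C:\$Recycle.Bin\S-1-5-21-1748892989-3932484505-3810695109-1000\$f441d169adca197fd375d8639656ddea\n. -- File not found

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011-01-21 11:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009-03-03 00:36:24 | 000,615,424 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
"""

# Three of the O4 lines from the same log (two YUR*.exe values plus cacaoweb).
SAMPLE_RUN = r"""
O4 - HKCU..\Run: [\YUR1EE5.exe] C:\Windows\system32\YUR1EE5.exe File not found
O4 - HKCU..\Run: [\YUR254B.exe] C:\Windows\system32\YUR254B.exe File not found
O4 - HKCU..\Run: [cacaoweb] C:\Users\Melanie\AppData\Roaming\cacaoweb\cacaoweb.exe ()
"""


@dataclass
class ClsidEntry:
    hive: str                      # HKEY_CURRENT_USER or HKEY_LOCAL_MACHINE
    clsid: str                     # GUID with braces, lower-cased for matching
    server: Optional[str] = None   # InProcServer32 default value (the DLL path)
    missing: bool = False          # OTL appended "File not found"


KEY_RE = re.compile(
    r"^\[(HKEY_[A-Z_]+)\\Software\\Classes\\clsid\\(\{[0-9a-f-]+\})\\InProcServer32\]$", re.I)
DEFAULT_RE = re.compile(r'^"" = (.+?)(?: -- (.*))?$')
# Where a genuine in-process server for a shell or WMI CLSID lives (my choice of list).
TRUSTED_PREFIXES = ("%systemroot%\\", "c:\\windows\\", "c:\\program files")


def parse_entries(text):
    """Return ClsidEntry objects in log order, one per [HK..\\InProcServer32] block."""
    entries, current = [], None
    for line in text.splitlines():
        line = line.strip()
        if m := KEY_RE.match(line):
            current = ClsidEntry(hive=m.group(1).upper(), clsid=m.group(2).lower())
            entries.append(current)
        elif (m := DEFAULT_RE.match(line)) and current is not None:
            current.server = m.group(1).strip()
            current.missing = "file not found" in (m.group(2) or "").lower()
    return entries


def find_hijacks(text):
    """Flag HKCU CLSID registrations that shadow HKLM or load from odd places.

    A non-elevated process resolves CLSIDs through HKCU\\Software\\Classes before
    HKLM, so a per-user InProcServer32 silently replaces the system DLL for that
    user. Returns [(clsid, [reasons])]."""
    entries = parse_entries(text)
    machine = {e.clsid: e.server for e in entries if e.hive == "HKEY_LOCAL_MACHINE"}
    findings = []
    for e in entries:
        if e.hive != "HKEY_CURRENT_USER":
            continue
        reasons = []
        if e.server is None:
            reasons.append("per-user InProcServer32 key exists but sets no server path")
        else:
            if not e.server.lower().startswith(TRUSTED_PREFIXES):
                reasons.append("server outside Windows/Program Files: " + e.server)
            if e.missing:
                reasons.append("server file is not on disk (OTL: File not found)")
        if e.clsid in machine:
            reasons.append("shadows HKLM entry " + (machine[e.clsid] or "(no path)"))
        if reasons:
            findings.append((e.clsid, reasons))
    return findings


RUN_RE = re.compile(r"^O4 - (HK\w+)\.\.\\Run: \[(.+?)\] (.+?)(?: \((.*?)\))?( File not found)?$")


def missing_run_targets(text):
    """Return [(hive, value_name, path)] for Run values whose target is absent.

    Dozens of values with generated names, all pointing at files that are not
    in system32, is the shape the log above shows; one named entry whose file
    exists (cacaoweb here) is what an ordinary installer leaves behind."""
    hits = []
    for line in text.splitlines():
        m = RUN_RE.match(line.strip())
        if m and m.group(5):
            hits.append((m.group(1), m.group(2), m.group(3)))
    return hits


if __name__ == "__main__":
    for clsid, reasons in find_hijacks(SAMPLE_ZEROACCESS):
        print(clsid, *("\n   - " + r for r in reasons))
    for hive, name, path in missing_run_targets(SAMPLE_RUN):
        print(f"{hive} Run [{name}] -> {path} (missing)")
```

One caveat when checking this on a live box rather than on a log: since Vista, an elevated (high-integrity) process does not read HKCU\Software\Classes when resolving COM servers, so a scanner run "as administrator" can look clean while the user's own Explorer still loads the per-user entry. Query the HKCU hive directly instead of relying on the merged HKCR view.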

#8 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
Hi Steric,

OK. I would like to see this log.

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion, just reboot your system once; that will cure it.


Please make sure you include the combo fix log in your next reply

#9 Steric (Topic Starter, Member, 47 posts)
I ran ComboFix last night...the blue box came up...it completed 4 steps/levels then seemed to hang at that spot. I left it there overnight...when I got up this morning the blue box was gone...and there is a combofix directory on the C drive which appears to replicate the C drive, but I don't see a log file anywhere on the C drive, not on the replicated C drive, and not on the desktop where I ran ComboFix from either. Nothing comes up in a file search for it either. Perhaps it didn't run properly?

#10 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
Can you please try to restart your system once? Try to find the log then. If you can't find it, try to run ComboFix one more time and let me know the results.

#11 Steric (Topic Starter, Member, 47 posts)
Restarted. Re-ran. Restarted. Having the same issue. ComboFix completes 4 steps then hangs for however long I would let it hang there (12 hours later, no change). No log, as it appears not to complete its process.

#12 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
Let's install the free Avast:

AVAST Free

Once you have it installed and it has updated, right-click on it and select Open Avast! User Interface, then click on Scan Computer, then on Boot-Time Scan, then Schedule Now.

Reboot and let it run a scan. It will take many hours (like overnight) and unfortunately you may need to check back with it once in a while to see if it needs an input from you.

After the scan, try to find the scan log in

XP –> C:\Documents and Settings\All Users\Application Data\AVAST Software\Avast\report\aswBoot.txt

Vista/7 –> C:\ProgramData\AVAST Software\Avast\report\aswBoot.txt

and post it here for me.

#13 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.