White Screen Malware [Closed]


  • This topic is locked

#1
drsyesta

White screen on Windows Vista with evidence of malware similar to the topic here: http://www.geekstogo...-windows-vista/


#2
drsyesta

Results From Farbar Recovery Tool:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-06-2013
Ran by SYSTEM on 02-06-2013 11:17:51
Running from G:\
Windows Vista ™ Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1237288 2008-04-17] (Synaptics, Inc.)
HKLM\...\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [1584184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe" [163568 2010-11-11] (Microsoft Corporation)
HKLM-x32\...\Run: [Google Quick Search Box] "C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun [122880 2009-10-02] (Google Inc.)
HKLM-x32\...\Run: [hpqSRMon] [x]
HKLM-x32\...\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [ArcSoft Connection Service] "C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-03-12] (Hewlett-Packard)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254896 2012-09-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-05-15] (Apple Inc.)
HKU\Default\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [972080 2008-09-30] (Hewlett-Packard)
HKU\Default User\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [972080 2008-09-30] (Hewlett-Packard)
HKU\Owner\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2363392 2008-06-09] (Hewlett-Packard Company)
HKU\Owner\...\Run: [Sidebar] "C:\Program Files\Windows Sidebar\Sidebar.exe" /autorun [1555968 2009-04-10] (Microsoft Corporation)
HKU\Owner\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\Owner\...\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent [3325952 2009-03-28] (Electronic Arts)
HKU\Owner\...\Run: [23094848483939484] C:\ProgramData\nol\mrgdll.exe [x]
HKU\Owner\...\Run: [21098746521098765] C:\ProgramData\nol\wox.exe [x]
HKU\Owner\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-08-23] (Google Inc.)
HKU\Owner\...\Run: [doubleTwist] "C:\Program Files (x86)\doubleTwist 2.0\doubleTwist.DeviceHelper.exe" [x]
HKU\Owner\...\Run: [Desktop Software] "C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe" /ini "C:\Program Files (x86)\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden [1093 2011-02-25] ()
HKU\Owner\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [x]
HKU\Owner\...\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe [x]
HKU\Owner\...\Run: [Spotify] "C:\Users\Owner\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart [7880664 2013-01-08] (Spotify Ltd)
HKU\Owner\...\Run: [Spotify Web Helper] "C:\Users\Owner\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [1199576 2013-01-08] (Spotify Ltd)
HKU\Owner\...\Run: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe [81952 2012-10-30] (PC Utilities Pro)
HKU\Owner\...\Run: [{7EF5F6EE-3F79-4809-88E6-99A8E83F7F9B}] rundll32 "C:\Users\Owner\AppData\Local\{73D56B8F-0074-4017-BAB2-5EA5BD50CCB7}\{7EF5F6EE-3F79-4809-88E6-99A8E83F7F9B}\zzrcrthp.dll",DllRegisterServer [534528 2013-06-01] (Autodesk, Inc.) <===== ATTENTION
HKU\Owner\...\Run: [Apple Computer] rundll32.exe "C:\Users\Owner\AppData\Local\Apple Computer\kmamifzd.dll",jmvden [824320 2013-06-01] (Parallels) <===== ATTENTION
HKU\Owner\...\Run: [] C:\Users\Owner\spoolsv.exe [119808 2013-06-02] (Mail.Ru)
HKU\Owner\...\Run: [Adobe CSS5.1 Manager] C:\Users\Owner\AppData\Local\70f3605f-0ac9-4fe7-944a-c2a8dc9861f5ad\ffacfeacadcfad.exe [118784 2013-06-02] ()
HKU\Owner\...\RunOnce: [Adobe CSS5.1 Manager] C:\Users\Owner\AppData\Local\70f3605f-0ac9-4fe7-944a-c2a8dc9861f5ad\ffacfeacadcfad.exe [118784 2013-06-02] ()
HKU\Owner\...\Winlogon: [Shell] explorer.exe,C:\Users\Owner\AppData\Roaming\skype.dat [156672 2011-11-18] (Handy-Software INC.) <==== ATTENTION
Startup: C:\ProgramData\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
ShortcutTarget: Kodak EasyShare software.lnk -> C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\windows\system32\config\systemprofile\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
ShortcutTarget: OpenOffice.org 3.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)

==================== Services (Whitelisted) =================

S2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 gupdate1ca2438b0d0d120; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [133104 2009-08-23] (Google Inc.)
S2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\5.0.0.125\diMaster.dll [262584 2010-12-02] (Symantec Corporation)
S2 Recovery Service for Windows; C:\Program Files (x86)\SMINST\BLService.exe [365952 2008-10-06] ()
S2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [241734 2008-09-15] ()
S3 msiserver; %systemroot%\system32\msiexec /V [x]

==================== Drivers (Whitelisted) ====================

S3 ActionReplayDS; C:\Windows\System32\Drivers\ActionReplayDS_x64.sys [51600 2007-02-08] (Thesycon GmbH, Germany)
S3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110701.001\BHDrvx64.sys [1143416 2011-05-19] (Symantec Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [481912 2011-05-09] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [136824 2011-05-09] (Symantec Corporation)
S3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110715.032\IDSvia64.sys [488056 2011-07-08] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174640 2011-07-15] (Symantec Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S2 iPodDrv; \??\C:\Windows\system32\drivers\iPodDrv.sys [x]
S3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20110715.019\ENG64.SYS [x]
S3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20110715.019\EX64.SYS [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 SRTSP; \SystemRoot\System32\Drivers\N360x64\0403000.005\SRTSP64.SYS [x]
S1 SRTSPX; \SystemRoot\system32\drivers\N360x64\0500000.07D\SRTSPX64.SYS [x]
S0 SymDS; system32\drivers\N360x64\0500000.07D\SYMDS64.SYS [x]
S0 SymEFA; system32\drivers\N360x64\0500000.07D\SYMEFA64.SYS [x]
S1 SymIRON; \SystemRoot\system32\drivers\N360x64\0500000.07D\Ironx64.SYS [x]
S3 SYMTDIv; \SystemRoot\System32\Drivers\N360x64\0403000.005\SYMTDIV.SYS [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-02 11:17 - 2013-06-02 11:17 - 00000000 ____D C:\FRST
2013-06-02 06:17 - 2013-06-02 06:17 - 00013239 ____A C:\Users\Owner\Desktop\hs_err_pid6520.log
2013-06-02 06:16 - 2013-06-02 06:16 - 00095744 ____A (Mail.Ru) C:\Users\Owner\skype434450.exe
2013-06-02 06:13 - 2013-06-02 06:14 - 00156672 ____A (Handy-Software INC.) C:\Users\Owner\conhost226777.exe
2013-06-02 06:07 - 2013-06-02 06:36 - 00000732 ____A C:\Users\Owner\Local Settings\d3d9caps64.dat
2013-06-02 06:07 - 2013-06-02 06:36 - 00000732 ____A C:\Users\Owner\Local Settings\Application Data\d3d9caps64.dat
2013-06-02 06:07 - 2013-06-02 06:36 - 00000732 ____A C:\Users\Owner\AppData\Local\d3d9caps64.dat
2013-06-02 05:46 - 2013-06-02 05:46 - 00013241 ____A C:\Users\Owner\Desktop\hs_err_pid9112.log
2013-06-02 05:45 - 2013-06-02 05:45 - 00095744 ____A (Mail.Ru) C:\Users\Owner\acrobatreader978879.exe
2013-06-02 05:42 - 2013-06-02 05:43 - 00156672 ____A (Handy-Software INC.) C:\Users\Owner\spoolsv565326.exe
2013-06-02 05:27 - 2013-06-02 05:27 - 00012939 ____A C:\Users\Owner\Desktop\hs_err_pid7044.log
2013-06-02 05:26 - 2013-06-02 05:26 - 00095744 ____A (Mail.Ru) C:\Users\Owner\acrobat642980.exe
2013-06-02 05:24 - 2013-06-02 05:24 - 00156672 ____A (Handy-Software INC.) C:\Users\Owner\conhost673491.exe
2013-06-02 04:56 - 2013-06-02 04:56 - 00013180 ____A C:\Users\Owner\Desktop\hs_err_pid7208.log
2013-06-02 04:55 - 2013-06-02 04:55 - 00156672 ____A (Handy-Software INC.) C:\Users\Owner\jucheck201146.exe
2013-06-02 04:55 - 2013-06-02 04:55 - 00119808 ____A (Mail.Ru) C:\Users\Owner\spoolsv.exe
2013-06-02 04:55 - 2013-06-02 04:55 - 00095744 ____A (Mail.Ru) C:\Users\Owner\csrss.exe
2013-06-02 04:55 - 2013-06-02 04:55 - 00013138 ____A C:\Users\Owner\Desktop\hs_err_pid7596.log
2013-06-02 04:55 - 2013-06-02 04:55 - 00000000 ____A C:\Users\Owner\googleupdate248342.exe
2013-06-02 04:55 - 2013-06-02 04:55 - 00000000 ____A C:\Users\Owner\acrobatreader875261.exe
2013-06-02 04:51 - 2013-06-02 04:51 - 00156672 ____A (Handy-Software INC.) C:\Users\Owner\acrobatreader.exe
2013-06-02 04:51 - 2013-06-02 04:51 - 00118784 ____A C:\Users\Owner\notepad.exe
2013-06-02 04:51 - 2013-06-02 04:51 - 00095744 ____A (Mail.Ru) C:\Users\Owner\teamviewer.exe
2013-06-02 04:51 - 2013-06-02 04:51 - 00000000 ____A C:\Users\Owner\opera.exe
2013-06-02 04:51 - 2013-06-02 04:51 - 00000000 ____A C:\Users\Owner\chrome.exe
2013-06-02 04:50 - 2013-06-02 04:50 - 00156672 ____A (Handy-Software INC.) C:\Users\Owner\conhost.exe
2013-06-02 04:50 - 2013-06-02 04:50 - 00118784 ____A C:\Users\Owner\googleupdate.exe
2013-06-02 04:50 - 2013-06-02 04:50 - 00095744 ____A (Mail.Ru) C:\Users\Owner\msconfig.exe
2013-06-02 04:50 - 2013-06-02 04:50 - 00000000 ____A C:\Users\Owner\winlogon.exe
2013-06-02 04:50 - 2013-06-02 04:50 - 00000000 ____A C:\Users\Owner\skype.exe
2013-06-02 04:48 - 2013-06-02 04:48 - 00156672 ____A (Handy-Software INC.) C:\Users\Owner\flashplayer.exe
2013-06-02 04:48 - 2013-06-02 04:48 - 00118784 ____A C:\Users\Owner\icq.exe
2013-06-02 04:48 - 2013-06-02 04:48 - 00095744 ____A (Mail.Ru) C:\Users\Owner\jqs.exe
2013-06-02 04:48 - 2013-06-02 04:48 - 00000000 ____A C:\Users\Owner\rundll32.exe
2013-06-02 04:48 - 2013-06-02 04:48 - 00000000 ____A C:\Users\Owner\iexplore.exe
2013-06-02 04:23 - 2013-06-02 08:00 - 00000004 ____A C:\Users\Owner\Application Data\skype.ini
2013-06-02 04:23 - 2013-06-02 08:00 - 00000004 ____A C:\Users\Owner\AppData\Roaming\skype.ini
2013-06-02 04:20 - 2013-06-02 08:00 - 00000328 ___AH C:\Windows\Tasks\{9385C8F8-FFE7-43CD-A228-830CA9765781}.job
2013-06-02 04:20 - 2013-06-02 04:20 - 00156672 ____A (Handy-Software INC.) C:\Users\Owner\java.exe
2013-06-02 04:20 - 2013-06-02 04:20 - 00119808 ____A (Mail.Ru) C:\Users\Owner\firefox.exe
2013-06-02 04:20 - 2013-06-02 04:20 - 00118784 ____A C:\Users\Owner\acrobat.exe
2013-06-02 04:20 - 2013-06-02 04:20 - 00095744 ____A (Mail.Ru) C:\Users\Owner\ctfmon.exe
2013-06-02 04:20 - 2013-06-02 04:20 - 00095744 ____A (Mail.Ru) C:\Users\Owner\alg.exe
2013-06-02 04:20 - 2013-06-02 04:20 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\70f3605f-0ac9-4fe7-944a-c2a8dc9861f5ad
2013-06-02 04:20 - 2013-06-02 04:20 - 00000000 ____D C:\Users\Owner\Local Settings\70f3605f-0ac9-4fe7-944a-c2a8dc9861f5ad
2013-06-02 04:20 - 2013-06-02 04:20 - 00000000 ____D C:\Users\Owner\AppData\Local\70f3605f-0ac9-4fe7-944a-c2a8dc9861f5ad
2013-06-02 04:20 - 2013-06-02 04:20 - 00000000 ____A C:\Users\Owner\windowsupdate.exe
2013-06-02 04:20 - 2013-06-02 04:20 - 00000000 ____A C:\Users\Owner\vlcplayer.exe
2013-06-02 04:20 - 2013-06-02 04:20 - 00000000 ____A C:\Users\Owner\mstsc.exe
2013-06-02 04:20 - 2013-06-02 04:20 - 00000000 ____A C:\Users\Owner\jucheck.exe
2013-06-01 03:43 - 2013-06-01 03:43 - 01858464 ____A (Coupons.com Incorporated) C:\Users\Owner\Downloads\couponprinter(2).exe
2013-06-01 03:41 - 2013-06-01 03:41 - 01858464 ____A (Coupons.com Incorporated) C:\Users\Owner\Downloads\couponprinter.exe
2013-06-01 03:41 - 2013-06-01 03:41 - 01858464 ____A (Coupons.com Incorporated) C:\Users\Owner\Downloads\couponprinter(1).exe
2013-05-30 17:57 - 2013-05-30 17:57 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{61BE0E30-4670-49DF-B7D2-9A3C6DD081C6}
2013-05-30 17:57 - 2013-05-30 17:57 - 00000000 ____D C:\Users\Owner\Local Settings\{61BE0E30-4670-49DF-B7D2-9A3C6DD081C6}
2013-05-30 17:57 - 2013-05-30 17:57 - 00000000 ____D C:\Users\Owner\AppData\Local\{61BE0E30-4670-49DF-B7D2-9A3C6DD081C6}
2013-05-30 17:49 - 2013-05-30 17:49 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{81321C8D-7177-45DF-9784-E9D9ECAC4A20}
2013-05-30 17:49 - 2013-05-30 17:49 - 00000000 ____D C:\Users\Owner\Local Settings\{81321C8D-7177-45DF-9784-E9D9ECAC4A20}
2013-05-30 17:49 - 2013-05-30 17:49 - 00000000 ____D C:\Users\Owner\AppData\Local\{81321C8D-7177-45DF-9784-E9D9ECAC4A20}
2013-05-26 13:08 - 2013-05-26 13:08 - 00000475 ____A C:\Users\Owner\Desktop\url.htm
2013-05-25 16:02 - 2013-05-25 16:09 - 00000000 ____D C:\Users\Owner\Application Data\.minecraft
2013-05-25 16:02 - 2013-05-25 16:09 - 00000000 ____D C:\Users\Owner\AppData\Roaming\.minecraft
2013-05-25 16:02 - 2010-09-25 01:15 - 00232159 ____A C:\Users\Owner\Desktop\Minecraft.exe
2013-05-21 17:24 - 2013-05-21 17:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-05-18 21:29 - 2013-05-18 21:29 - 00002043 ____A C:\Users\Owner\Desktop\Google Chrome.lnk
2013-05-18 12:47 - 2013-05-18 12:48 - 00000000 ____D C:\ProgramData\Application Data\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-05-18 12:47 - 2013-05-18 12:48 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-05-18 12:47 - 2013-05-18 12:48 - 00000000 ____D C:\Program Files\iTunes
2013-05-18 12:47 - 2013-05-18 12:47 - 00000000 ____D C:\Program Files\iPod
2013-05-18 08:05 - 2013-05-18 08:05 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{8BF36A1F-C62D-4195-8E63-F3EC737FFB6B}
2013-05-18 08:05 - 2013-05-18 08:05 - 00000000 ____D C:\Users\Owner\Local Settings\{8BF36A1F-C62D-4195-8E63-F3EC737FFB6B}
2013-05-18 08:05 - 2013-05-18 08:05 - 00000000 ____D C:\Users\Owner\AppData\Local\{8BF36A1F-C62D-4195-8E63-F3EC737FFB6B}
2013-05-17 01:31 - 2013-05-17 01:32 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{2887807B-635F-42BD-BBC1-6D20774E09AC}
2013-05-17 01:31 - 2013-05-17 01:32 - 00000000 ____D C:\Users\Owner\Local Settings\{2887807B-635F-42BD-BBC1-6D20774E09AC}
2013-05-17 01:31 - 2013-05-17 01:32 - 00000000 ____D C:\Users\Owner\AppData\Local\{2887807B-635F-42BD-BBC1-6D20774E09AC}
2013-05-16 18:30 - 2013-05-16 18:30 - 34332664 ____A (Dropbox, Inc.) C:\Users\Owner\Downloads\Dropbox 2.0.12.exe
2013-05-16 18:11 - 2013-05-17 02:46 - 00192735 ____A C:\Users\Owner\My Documents\graduation 2013.wlmp
2013-05-16 18:11 - 2013-05-17 02:46 - 00192735 ____A C:\Users\Owner\Documents\graduation 2013.wlmp
2013-05-16 04:03 - 2013-05-16 04:03 - 01988633 ____A C:\Users\Owner\Desktop\Dropbox - Photo from October 31, 2012.mht
2013-05-16 03:30 - 2013-05-16 03:30 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\_
2013-05-16 03:30 - 2013-05-16 03:30 - 00000000 ____D C:\Users\Owner\Local Settings\_
2013-05-16 03:30 - 2013-05-16 03:30 - 00000000 ____D C:\Users\Owner\AppData\Local\_
2013-05-16 03:28 - 2013-05-16 03:28 - 00000000 ____D C:\Program Files (x86)\Ace PDF
2013-05-16 03:27 - 2013-05-16 03:27 - 06645708 ____A C:\Users\Owner\Downloads\pdf-to-image-converter.zip
2013-05-16 01:30 - 2013-06-01 04:17 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{73D56B8F-0074-4017-BAB2-5EA5BD50CCB7}
2013-05-16 01:30 - 2013-06-01 04:17 - 00000000 ____D C:\Users\Owner\Local Settings\{73D56B8F-0074-4017-BAB2-5EA5BD50CCB7}
2013-05-16 01:30 - 2013-06-01 04:17 - 00000000 ____D C:\Users\Owner\AppData\Local\{73D56B8F-0074-4017-BAB2-5EA5BD50CCB7}
2013-05-16 00:12 - 2013-04-04 17:19 - 10926080 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-05-16 00:12 - 2013-04-04 17:08 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-05-16 00:12 - 2013-04-04 17:01 - 01346560 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-05-16 00:12 - 2013-04-04 17:00 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-05-16 00:12 - 2013-04-04 16:59 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-05-16 00:12 - 2013-04-04 16:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-05-16 00:12 - 2013-04-04 16:57 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-05-16 00:12 - 2013-04-04 16:56 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-05-16 00:12 - 2013-04-04 16:55 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-05-16 00:12 - 2013-04-04 16:55 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-05-16 00:12 - 2013-04-04 16:54 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-05-16 00:12 - 2013-04-04 16:54 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-05-16 00:12 - 2013-04-04 16:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-05-16 00:12 - 2013-04-04 16:46 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-05-16 00:12 - 2013-04-04 14:11 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-05-16 00:12 - 2013-04-04 14:09 - 09738752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-05-16 00:12 - 2013-04-04 14:02 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-05-16 00:12 - 2013-04-04 14:02 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-05-16 00:12 - 2013-04-04 14:02 - 01104384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-05-16 00:12 - 2013-04-04 14:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-05-16 00:12 - 2013-04-04 13:59 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-05-16 00:12 - 2013-04-04 13:58 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-05-16 00:12 - 2013-04-04 13:58 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-05-16 00:12 - 2013-04-04 13:57 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-05-16 00:12 - 2013-04-04 13:56 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-05-16 00:12 - 2013-04-04 13:55 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-05-16 00:12 - 2013-04-04 13:54 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-05-16 00:12 - 2013-04-04 13:50 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-05-16 00:01 - 2013-05-05 11:25 - 12324864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-05-16 00:00 - 2013-05-05 13:36 - 17818624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-16 00:00 - 2013-05-05 13:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-16 00:00 - 2013-05-05 11:12 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-05-15 17:29 - 2013-05-15 17:29 - 01962240 ____A C:\Users\Owner\Downloads\Baby Bash - Suga Suga lyrics.mp3.part
2013-05-15 02:58 - 2013-04-15 06:17 - 00901496 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-05-15 02:58 - 2013-04-12 19:34 - 00047104 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2013-05-15 02:58 - 2013-04-08 17:55 - 02774016 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

==================== One Month Modified Files and Folders =======

2013-06-02 11:17 - 2013-06-02 11:17 - 00000000 ____D C:\FRST
2013-06-02 08:00 - 2013-06-02 04:23 - 00000004 ____A C:\Users\Owner\Application Data\skype.ini
2013-06-02 08:00 - 2013-06-02 04:23 - 00000004 ____A C:\Users\Owner\AppData\Roaming\skype.ini
2013-06-02 08:00 - 2013-06-02 04:20 - 00000328 ___AH C:\Windows\Tasks\{9385C8F8-FFE7-43CD-A228-830CA9765781}.job
2013-06-02 08:00 - 2013-01-08 19:41 - 00000000 ____D C:\Users\Owner\Application Data\Spotify
2013-06-02 08:00 - 2013-01-08 19:41 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Spotify
2013-06-02 08:00 - 2010-12-26 11:43 - 00000012 ____A C:\Windows\bthservsdp.dat
2013-06-02 08:00 - 2009-06-10 06:45 - 01380477 ____A C:\Windows\WindowsUpdate.log
2013-06-02 08:00 - 2006-11-02 07:42 - 00032576 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-06-02 08:00 - 2006-11-02 07:42 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-02 08:00 - 2006-11-02 07:22 - 00003344 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-02 08:00 - 2006-11-02 07:22 - 00003344 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-02 07:25 - 2009-08-23 13:35 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-02 07:21 - 2013-01-12 16:27 - 00000356 ____A C:\Windows\Tasks\AmiUpdXp.job
2013-06-02 07:21 - 2011-10-13 13:47 - 00000000 ___RD C:\Users\Owner\Dropbox
2013-06-02 07:21 - 2011-10-13 13:40 - 00000000 ____D C:\Users\Owner\Application Data\Dropbox
2013-06-02 07:21 - 2011-10-13 13:40 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Dropbox
2013-06-02 07:20 - 2012-05-12 03:14 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-02 07:20 - 2009-08-23 13:35 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-02 07:17 - 2011-02-26 07:23 - 00000374 ____A C:\Windows\System32\Drivers\etc\hosts.ics
2013-06-02 07:08 - 2009-08-23 13:27 - 00000880 ____A C:\Windows\Tasks\Google Software Updater.job
2013-06-02 06:36 - 2013-06-02 06:07 - 00000732 ____A C:\Users\Owner\Local Settings\d3d9caps64.dat
2013-06-02 06:36 - 2013-06-02 06:07 - 00000732 ____A C:\Users\Owner\Local Settings\Application Data\d3d9caps64.dat
2013-06-02 06:36 - 2013-06-02 06:07 - 00000732 ____A C:\Users\Owner\AppData\Local\d3d9caps64.dat
2013-06-02 06:17 - 2013-06-02 06:17 - 00013239 ____A C:\Users\Owner\Desktop\hs_err_pid6520.log
2013-06-02 06:16 - 2013-06-02 06:16 - 00095744 ____A (Mail.Ru) C:\Users\Owner\skype434450.exe
2013-06-02 06:16 - 2009-07-30 21:28 - 00000000 ____D C:\users\Owner
2013-06-02 06:14 - 2013-06-02 06:13 - 00156672 ____A (Handy-Software INC.) C:\Users\Owner\conhost226777.exe
2013-06-02 05:46 - 2013-06-02 05:46 - 00013241 ____A C:\Users\Owner\Desktop\hs_err_pid9112.log
2013-06-02 05:45 - 2013-06-02 05:45 - 00095744 ____A (Mail.Ru) C:\Users\Owner\acrobatreader978879.exe
2013-06-02 05:43 - 2013-06-02 05:42 - 00156672 ____A (Handy-Software INC.) C:\Users\Owner\spoolsv565326.exe
2013-06-02 05:27 - 2013-06-02 05:27 - 00012939 ____A C:\Users\Owner\Desktop\hs_err_pid7044.log
2013-06-02 05:26 - 2013-06-02 05:26 - 00095744 ____A (Mail.Ru) C:\Users\Owner\acrobat642980.exe
2013-06-02 05:24 - 2013-06-02 05:24 - 00156672 ____A (Handy-Software INC.) C:\Users\Owner\conhost673491.exe
2013-06-02 04:56 - 2013-06-02 04:56 - 00013180 ____A C:\Users\Owner\Desktop\hs_err_pid7208.log
2013-06-02 04:55 - 2013-06-02 04:55 - 00156672 ____A (Handy-Software INC.) C:\Users\Owner\jucheck201146.exe
2013-06-02 04:55 - 2013-06-02 04:55 - 00119808 ____A (Mail.Ru) C:\Users\Owner\spoolsv.exe
2013-06-02 04:55 - 2013-06-02 04:55 - 00095744 ____A (Mail.Ru) C:\Users\Owner\csrss.exe
2013-06-02 04:55 - 2013-06-02 04:55 - 00013138 ____A C:\Users\Owner\Desktop\hs_err_pid7596.log
2013-06-02 04:55 - 2013-06-02 04:55 - 00000000 ____A C:\Users\Owner\googleupdate248342.exe
2013-06-02 04:55 - 2013-06-02 04:55 - 00000000 ____A C:\Users\Owner\acrobatreader875261.exe
2013-06-02 04:51 - 2013-06-02 04:51 - 00156672 ____A (Handy-Software INC.) C:\Users\Owner\acrobatreader.exe
2013-06-02 04:51 - 2013-06-02 04:51 - 00118784 ____A C:\Users\Owner\notepad.exe
2013-06-02 04:51 - 2013-06-02 04:51 - 00095744 ____A (Mail.Ru) C:\Users\Owner\teamviewer.exe
2013-06-02 04:51 - 2013-06-02 04:51 - 00000000 ____A C:\Users\Owner\opera.exe
2013-06-02 04:51 - 2013-06-02 04:51 - 00000000 ____A C:\Users\Owner\chrome.exe
2013-06-02 04:50 - 2013-06-02 04:50 - 00156672 ____A (Handy-Software INC.) C:\Users\Owner\conhost.exe
2013-06-02 04:50 - 2013-06-02 04:50 - 00118784 ____A C:\Users\Owner\googleupdate.exe
2013-06-02 04:50 - 2013-06-02 04:50 - 00095744 ____A (Mail.Ru) C:\Users\Owner\msconfig.exe
2013-06-02 04:50 - 2013-06-02 04:50 - 00000000 ____A C:\Users\Owner\winlogon.exe
2013-06-02 04:50 - 2013-06-02 04:50 - 00000000 ____A C:\Users\Owner\skype.exe
2013-06-02 04:48 - 2013-06-02 04:48 - 00156672 ____A (Handy-Software INC.) C:\Users\Owner\flashplayer.exe
2013-06-02 04:48 - 2013-06-02 04:48 - 00118784 ____A C:\Users\Owner\icq.exe
2013-06-02 04:48 - 2013-06-02 04:48 - 00095744 ____A (Mail.Ru) C:\Users\Owner\jqs.exe
2013-06-02 04:48 - 2013-06-02 04:48 - 00000000 ____A C:\Users\Owner\rundll32.exe
2013-06-02 04:48 - 2013-06-02 04:48 - 00000000 ____A C:\Users\Owner\iexplore.exe
2013-06-02 04:28 - 2009-08-08 21:54 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\Apple Computer
2013-06-02 04:28 - 2009-08-08 21:54 - 00000000 ____D C:\Users\Owner\Local Settings\Apple Computer
2013-06-02 04:28 - 2009-08-08 21:54 - 00000000 ____D C:\Users\Owner\AppData\Local\Apple Computer
2013-06-02 04:20 - 2013-06-02 04:20 - 00156672 ____A (Handy-Software INC.) C:\Users\Owner\java.exe
2013-06-02 04:20 - 2013-06-02 04:20 - 00119808 ____A (Mail.Ru) C:\Users\Owner\firefox.exe
2013-06-02 04:20 - 2013-06-02 04:20 - 00118784 ____A C:\Users\Owner\acrobat.exe
2013-06-02 04:20 - 2013-06-02 04:20 - 00095744 ____A (Mail.Ru) C:\Users\Owner\ctfmon.exe
2013-06-02 04:20 - 2013-06-02 04:20 - 00095744 ____A (Mail.Ru) C:\Users\Owner\alg.exe
2013-06-02 04:20 - 2013-06-02 04:20 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\70f3605f-0ac9-4fe7-944a-c2a8dc9861f5ad
2013-06-02 04:20 - 2013-06-02 04:20 - 00000000 ____D C:\Users\Owner\Local Settings\70f3605f-0ac9-4fe7-944a-c2a8dc9861f5ad
2013-06-02 04:20 - 2013-06-02 04:20 - 00000000 ____D C:\Users\Owner\AppData\Local\70f3605f-0ac9-4fe7-944a-c2a8dc9861f5ad
2013-06-02 04:20 - 2013-06-02 04:20 - 00000000 ____A C:\Users\Owner\windowsupdate.exe
2013-06-02 04:20 - 2013-06-02 04:20 - 00000000 ____A C:\Users\Owner\vlcplayer.exe
2013-06-02 04:20 - 2013-06-02 04:20 - 00000000 ____A C:\Users\Owner\mstsc.exe
2013-06-02 04:20 - 2013-06-02 04:20 - 00000000 ____A C:\Users\Owner\jucheck.exe
2013-06-01 04:17 - 2013-05-16 01:30 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{73D56B8F-0074-4017-BAB2-5EA5BD50CCB7}
2013-06-01 04:17 - 2013-05-16 01:30 - 00000000 ____D C:\Users\Owner\Local Settings\{73D56B8F-0074-4017-BAB2-5EA5BD50CCB7}
2013-06-01 04:17 - 2013-05-16 01:30 - 00000000 ____D C:\Users\Owner\AppData\Local\{73D56B8F-0074-4017-BAB2-5EA5BD50CCB7}
2013-06-01 03:43 - 2013-06-01 03:43 - 01858464 ____A (Coupons.com Incorporated) C:\Users\Owner\Downloads\couponprinter(2).exe
2013-06-01 03:41 - 2013-06-01 03:41 - 01858464 ____A (Coupons.com Incorporated) C:\Users\Owner\Downloads\couponprinter.exe
2013-06-01 03:41 - 2013-06-01 03:41 - 01858464 ____A (Coupons.com Incorporated) C:\Users\Owner\Downloads\couponprinter(1).exe
2013-05-31 12:46 - 2006-11-02 04:46 - 00709710 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-30 17:57 - 2013-05-30 17:57 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{61BE0E30-4670-49DF-B7D2-9A3C6DD081C6}
2013-05-30 17:57 - 2013-05-30 17:57 - 00000000 ____D C:\Users\Owner\Local Settings\{61BE0E30-4670-49DF-B7D2-9A3C6DD081C6}
2013-05-30 17:57 - 2013-05-30 17:57 - 00000000 ____D C:\Users\Owner\AppData\Local\{61BE0E30-4670-49DF-B7D2-9A3C6DD081C6}
2013-05-30 17:49 - 2013-05-30 17:49 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{81321C8D-7177-45DF-9784-E9D9ECAC4A20}
2013-05-30 17:49 - 2013-05-30 17:49 - 00000000 ____D C:\Users\Owner\Local Settings\{81321C8D-7177-45DF-9784-E9D9ECAC4A20}
2013-05-30 17:49 - 2013-05-30 17:49 - 00000000 ____D C:\Users\Owner\AppData\Local\{81321C8D-7177-45DF-9784-E9D9ECAC4A20}
2013-05-28 16:06 - 2012-11-03 12:04 - 00000000 ____D C:\Users\Owner\Application Data\vlc
2013-05-28 16:06 - 2012-11-03 12:04 - 00000000 ____D C:\Users\Owner\AppData\Roaming\vlc
2013-05-28 16:05 - 2013-01-12 19:12 - 00000000 ____D C:\Users\Owner\Application Data\dvdcss
2013-05-28 16:05 - 2013-01-12 19:12 - 00000000 ____D C:\Users\Owner\AppData\Roaming\dvdcss
2013-05-28 07:35 - 2009-09-29 08:59 - 00000000 ___RD C:\Users\Owner\Brooklyn
2013-05-26 13:08 - 2013-05-26 13:08 - 00000475 ____A C:\Users\Owner\Desktop\url.htm
2013-05-25 16:09 - 2013-05-25 16:02 - 00000000 ____D C:\Users\Owner\Application Data\.minecraft
2013-05-25 16:09 - 2013-05-25 16:02 - 00000000 ____D C:\Users\Owner\AppData\Roaming\.minecraft
2013-05-23 16:31 - 2011-03-05 06:37 - 00000000 ____D C:\Users\Owner\Local Settings\CrashDumps
2013-05-23 16:31 - 2011-03-05 06:37 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\CrashDumps
2013-05-23 16:31 - 2011-03-05 06:37 - 00000000 ____D C:\Users\Owner\AppData\Local\CrashDumps
2013-05-22 18:52 - 2009-07-30 21:37 - 00000334 ____A C:\Windows\Tasks\HPCeeScheduleForOwner.job
2013-05-22 14:37 - 2009-07-31 10:35 - 00100864 ____A C:\Users\Owner\Local Settings\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-05-22 14:37 - 2009-07-31 10:35 - 00100864 ____A C:\Users\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-05-22 14:37 - 2009-07-31 10:35 - 00100864 ____A C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-05-22 14:07 - 2012-05-02 20:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-05-22 09:23 - 2009-08-01 15:20 - 00000000 ____D C:\Program Files (x86)\Electronic Arts
2013-05-22 09:23 - 2009-04-20 15:34 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-05-21 17:24 - 2013-05-21 17:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-05-21 06:28 - 2009-09-07 10:15 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
2013-05-18 21:29 - 2013-05-18 21:29 - 00002043 ____A C:\Users\Owner\Desktop\Google Chrome.lnk
2013-05-18 12:48 - 2013-05-18 12:47 - 00000000 ____D C:\ProgramData\Application Data\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-05-18 12:48 - 2013-05-18 12:47 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-05-18 12:48 - 2013-05-18 12:47 - 00000000 ____D C:\Program Files\iTunes
2013-05-18 12:48 - 2009-11-02 15:53 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-05-18 12:47 - 2013-05-18 12:47 - 00000000 ____D C:\Program Files\iPod
2013-05-18 08:05 - 2013-05-18 08:05 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{8BF36A1F-C62D-4195-8E63-F3EC737FFB6B}
2013-05-18 08:05 - 2013-05-18 08:05 - 00000000 ____D C:\Users\Owner\Local Settings\{8BF36A1F-C62D-4195-8E63-F3EC737FFB6B}
2013-05-18 08:05 - 2013-05-18 08:05 - 00000000 ____D C:\Users\Owner\AppData\Local\{8BF36A1F-C62D-4195-8E63-F3EC737FFB6B}
2013-05-17 02:46 - 2013-05-16 18:11 - 00192735 ____A C:\Users\Owner\My Documents\graduation 2013.wlmp
2013-05-17 02:46 - 2013-05-16 18:11 - 00192735 ____A C:\Users\Owner\Documents\graduation 2013.wlmp
2013-05-17 01:32 - 2013-05-17 01:31 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\{2887807B-635F-42BD-BBC1-6D20774E09AC}
2013-05-17 01:32 - 2013-05-17 01:31 - 00000000 ____D C:\Users\Owner\Local Settings\{2887807B-635F-42BD-BBC1-6D20774E09AC}
2013-05-17 01:32 - 2013-05-17 01:31 - 00000000 ____D C:\Users\Owner\AppData\Local\{2887807B-635F-42BD-BBC1-6D20774E09AC}
2013-05-16 18:30 - 2013-05-16 18:30 - 34332664 ____A (Dropbox, Inc.) C:\Users\Owner\Downloads\Dropbox 2.0.12.exe
2013-05-16 16:32 - 2010-05-07 17:10 - 01588224 ___RA C:\Users\Public\Documents\ESBK.mbb
2013-05-16 16:32 - 2010-05-07 17:10 - 01588224 ___RA C:\ProgramData\Documents\ESBK.mbb
2013-05-16 16:32 - 2010-05-07 17:10 - 00657408 ___RA C:\Users\Public\Documents\ESBK.mb
2013-05-16 16:32 - 2010-05-07 17:10 - 00657408 ___RA C:\ProgramData\Documents\ESBK.mb
2013-05-16 04:03 - 2013-05-16 04:03 - 01988633 ____A C:\Users\Owner\Desktop\Dropbox - Photo from October 31, 2012.mht
2013-05-16 03:30 - 2013-05-16 03:30 - 00000000 ____D C:\Users\Owner\Local Settings\Application Data\_
2013-05-16 03:30 - 2013-05-16 03:30 - 00000000 ____D C:\Users\Owner\Local Settings\_
2013-05-16 03:30 - 2013-05-16 03:30 - 00000000 ____D C:\Users\Owner\AppData\Local\_
2013-05-16 03:28 - 2013-05-16 03:28 - 00000000 ____D C:\Program Files (x86)\Ace PDF
2013-05-16 03:27 - 2013-05-16 03:27 - 06645708 ____A C:\Users\Owner\Downloads\pdf-to-image-converter.zip
2013-05-16 01:26 - 2010-04-15 13:59 - 00000000 ____D C:\Users\Owner\My Documents\My Scans
2013-05-16 01:26 - 2010-04-15 13:59 - 00000000 ____D C:\Users\Owner\Documents\My Scans
2013-05-16 00:32 - 2006-11-02 07:21 - 00334136 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-16 00:08 - 2006-11-02 04:35 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2013-05-15 17:29 - 2013-05-15 17:29 - 01962240 ____A C:\Users\Owner\Downloads\Baby Bash - Suga Suga lyrics.mp3.part
2013-05-15 10:20 - 2012-05-12 03:14 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-05-15 10:20 - 2011-06-15 04:54 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-05-13 09:40 - 2011-09-21 15:01 - 00009516 ____A C:\Windows\setupact.log
2013-05-05 14:52 - 2012-08-25 12:57 - 00000000 ____D C:\Users\Owner\My Documents\RAQUEL
2013-05-05 14:52 - 2012-08-25 12:57 - 00000000 ____D C:\Users\Owner\Documents\RAQUEL
2013-05-05 13:36 - 2013-05-16 00:00 - 17818624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-05 13:16 - 2013-05-16 00:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-05 11:25 - 2013-05-16 00:01 - 12324864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-05-05 11:12 - 2013-05-16 00:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

Files to move or delete:
====================
C:\Users\Owner\acrobat.exe
C:\Users\Owner\acrobat642980.exe
C:\Users\Owner\acrobatreader.exe
C:\Users\Owner\acrobatreader875261.exe
C:\Users\Owner\acrobatreader978879.exe
C:\Users\Owner\alg.exe
C:\Users\Owner\chrome.exe
C:\Users\Owner\conhost.exe
C:\Users\Owner\conhost226777.exe
C:\Users\Owner\conhost673491.exe
C:\Users\Owner\csrss.exe
C:\Users\Owner\ctfmon.exe
C:\Users\Owner\firefox.exe
C:\Users\Owner\flashplayer.exe
C:\Users\Owner\googleupdate.exe
C:\Users\Owner\googleupdate248342.exe
C:\Users\Owner\icq.exe
C:\Users\Owner\iexplore.exe
C:\Users\Owner\java.exe
C:\Users\Owner\jqs.exe
C:\Users\Owner\jucheck.exe
C:\Users\Owner\jucheck201146.exe
C:\Users\Owner\msconfig.exe
C:\Users\Owner\mstsc.exe
C:\Users\Owner\notepad.exe
C:\Users\Owner\opera.exe
C:\Users\Owner\rundll32.exe
C:\Users\Owner\skype.exe
C:\Users\Owner\skype434450.exe
C:\Users\Owner\spoolsv.exe
C:\Users\Owner\spoolsv565326.exe
C:\Users\Owner\teamviewer.exe
C:\Users\Owner\vlcplayer.exe
C:\Users\Owner\windowsupdate.exe
C:\Users\Owner\winlogon.exe
C:\Users\Owner\AppData\Roaming\skype.dat
C:\Users\Owner\AppData\Roaming\skype.ini
C:\Windows\Tasks\{9385C8F8-FFE7-43CD-A228-830CA9765781}.job

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-05-03 14:05:57
Restore point made on: 2013-05-13 08:19:42
Restore point made on: 2013-05-14 14:47:42
Restore point made on: 2013-05-16 00:00:48
Restore point made on: 2013-05-16 03:28:23
Restore point made on: 2013-05-16 19:44:18
Restore point made on: 2013-05-18 14:05:00
Restore point made on: 2013-05-22 09:22:46
Restore point made on: 2013-05-25 14:10:56
Restore point made on: 2013-05-30 06:09:59

==================== Memory info ===========================

Percentage of memory in use: 17%
Total physical RAM: 3998.26 MB
Available physical RAM: 3318.52 MB
Total Pagefile: 3675.46 MB
Available Pagefile: 3295.52 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:220.6 GB) (Free:31.63 GB) NTFS (Disk=0 Partition=1) ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:12.28 GB) (Free:1.3 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]
Drive e: (Sims3EP02) (CDROM) (Total:4.6 GB) (Free:0 GB) UDF
Drive g: (BYTE) (Removable) (Total:7.52 GB) (Free:7.52 GB) FAT32 (Disk=2 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 233 GB) (Disk ID: AA0A7A18)
Partition 1: (Active) - (Size=221 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=12 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 8 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=8 GB) - (Type=0C)


Last Boot: 2013-06-02 07:23

==================== End Of Log ============================




Farbar Recovery Scan Tool (x64) Version: 02-06-2013
Ran by SYSTEM at 2013-06-02 11:21:35
Running from G:\
Boot Mode: Recovery

================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[2009-12-03 14:45] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2008-01-20 18:50] - [2008-01-20 18:50] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe
[2009-12-03 14:45] - [2009-04-10 23:10] - 0384512 ____A (Microsoft Corporation) 934E0B7D77FF78C18D9F8891221B6DE3

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe
[2008-01-20 18:49] - [2008-01-20 18:49] - 0384512 ____A (Microsoft Corporation) DFAC660F0F139276CC9299812DE42719

C:\Windows\SysWOW64\services.exe
[2009-12-03 14:45] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

C:\Windows\System32\services.exe
[2009-12-03 14:45] - [2009-04-10 23:10] - 0384512 ____A (Microsoft Corporation) 934E0B7D77FF78C18D9F8891221B6DE3

====== End Of Search ======

#3
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello drsyesta

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely. I have spent my time to put together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!


  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines; these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same"; this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Open notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flash drive as fixlist.txt.

HKU\Owner\...\Run: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe [81952 2012-10-30] (PC Utilities Pro)
HKU\Owner\...\Run: [{7EF5F6EE-3F79-4809-88E6-99A8E83F7F9B}] rundll32 "C:\Users\Owner\AppData\Local\{73D56B8F-0074-4017-BAB2-5EA5BD50CCB7}\{7EF5F6EE-3F79-4809-88E6-99A8E83F7F9B}\zzrcrthp.dll",DllRegisterServer [534528 2013-06-01] (Autodesk, Inc.) <===== ATTENTION
HKU\Owner\...\Run: [Apple Computer] rundll32.exe "C:\Users\Owner\AppData\Local\Apple Computer\kmamifzd.dll",jmvden [824320 2013-06-01] (Parallels) <===== ATTENTION
HKU\Owner\...\Run: [Adobe CSS5.1 Manager] C:\Users\Owner\AppData\Local\70f3605f-0ac9-4fe7-944a-c2a8dc9861f5ad\ffacfeacadcfad.exe [118784 2013-06-02] ()
HKU\Owner\...\RunOnce: [Adobe CSS5.1 Manager] C:\Users\Owner\AppData\Local\70f3605f-0ac9-4fe7-944a-c2a8dc9861f5ad\ffacfeacadcfad.exe [118784 2013-06-02] ()
HKU\Owner\...\Winlogon: [Shell] explorer.exe,C:\Users\Owner\AppData\Roaming\skype.dat [156672 2011-11-18] (Handy-Software INC.) <==== ATTENTION
C:\Users\Owner\acrobat.exe
C:\Users\Owner\acrobat642980.exe
C:\Users\Owner\acrobatreader.exe
C:\Users\Owner\acrobatreader875261.exe
C:\Users\Owner\acrobatreader978879.exe
C:\Users\Owner\alg.exe
C:\Users\Owner\chrome.exe
C:\Users\Owner\conhost.exe
C:\Users\Owner\conhost226777.exe
C:\Users\Owner\conhost673491.exe
C:\Users\Owner\csrss.exe
C:\Users\Owner\ctfmon.exe
C:\Users\Owner\firefox.exe
C:\Users\Owner\flashplayer.exe
C:\Users\Owner\googleupdate.exe
C:\Users\Owner\googleupdate248342.exe
C:\Users\Owner\icq.exe
C:\Users\Owner\iexplore.exe
C:\Users\Owner\java.exe
C:\Users\Owner\jqs.exe
C:\Users\Owner\jucheck.exe
C:\Users\Owner\jucheck201146.exe
C:\Users\Owner\msconfig.exe
C:\Users\Owner\mstsc.exe
C:\Users\Owner\notepad.exe
C:\Users\Owner\opera.exe
C:\Users\Owner\rundll32.exe
C:\Users\Owner\skype.exe
C:\Users\Owner\skype434450.exe
C:\Users\Owner\spoolsv.exe
C:\Users\Owner\spoolsv565326.exe
C:\Users\Owner\teamviewer.exe
C:\Users\Owner\vlcplayer.exe
C:\Users\Owner\windowsupdate.exe
C:\Users\Owner\winlogon.exe
C:\Users\Owner\AppData\Roaming\skype.dat
C:\Users\Owner\AppData\Roaming\skype.ini
C:\Windows\Tasks\{9385C8F8-FFE7-43CD-A228-830CA9765781}.job
C:\Program Files (x86)\Optimizer Pro
C:\Users\Owner\AppData\Local\{73D56B8F-0074-4017-BAB2-5EA5BD50CCB7}
C:\Users\Owner\AppData\Local\Apple Computer\kmamifzd.dll
C:\Users\Owner\AppData\Local\70f3605f-0ac9-4fe7-944a-c2a8dc9861f5ad


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST again like we did before, but this time press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Also boot the computer into normal mode and let me know how things are looking.

Gringo

#4
drsyesta

    New Member

  • Topic Starter
  • Member
  • 4 posts
The computer started up just fine! Didn't notice anything unusual.



Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-06-2013
Ran by SYSTEM at 2013-06-03 23:24:48 Run:1
Running from G:\
Boot Mode: Recovery
==============================================

HKEY_USERS\Owner\Software\Microsoft\Windows\CurrentVersion\Run\\Optimizer Pro => Value deleted successfully.
HKEY_USERS\Owner\Software\Microsoft\Windows\CurrentVersion\Run\\{7EF5F6EE-3F79-4809-88E6-99A8E83F7F9B} => Value deleted successfully.
HKEY_USERS\Owner\Software\Microsoft\Windows\CurrentVersion\Run\\Apple Computer => Value deleted successfully.
HKEY_USERS\Owner\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe CSS5.1 Manager => Value deleted successfully.
HKEY_USERS\Owner\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Adobe CSS5.1 Manager => Value deleted successfully.
HKEY_USERS\Owner\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
C:\Users\Owner\acrobat.exe => Moved successfully.
C:\Users\Owner\acrobat642980.exe => Moved successfully.
C:\Users\Owner\acrobatreader.exe => Moved successfully.
C:\Users\Owner\acrobatreader875261.exe => Moved successfully.
C:\Users\Owner\acrobatreader978879.exe => Moved successfully.
C:\Users\Owner\alg.exe => Moved successfully.
C:\Users\Owner\chrome.exe => Moved successfully.
C:\Users\Owner\conhost.exe => Moved successfully.
C:\Users\Owner\conhost226777.exe => Moved successfully.
C:\Users\Owner\conhost673491.exe => Moved successfully.
C:\Users\Owner\csrss.exe => Moved successfully.
C:\Users\Owner\ctfmon.exe => Moved successfully.
C:\Users\Owner\firefox.exe => Moved successfully.
C:\Users\Owner\flashplayer.exe => Moved successfully.
C:\Users\Owner\googleupdate.exe => Moved successfully.
C:\Users\Owner\googleupdate248342.exe => Moved successfully.
C:\Users\Owner\icq.exe => Moved successfully.
C:\Users\Owner\iexplore.exe => Moved successfully.
C:\Users\Owner\java.exe => Moved successfully.
C:\Users\Owner\jqs.exe => Moved successfully.
C:\Users\Owner\jucheck.exe => Moved successfully.
C:\Users\Owner\jucheck201146.exe => Moved successfully.
C:\Users\Owner\msconfig.exe => Moved successfully.
C:\Users\Owner\mstsc.exe => Moved successfully.
C:\Users\Owner\notepad.exe => Moved successfully.
C:\Users\Owner\opera.exe => Moved successfully.
C:\Users\Owner\rundll32.exe => Moved successfully.
C:\Users\Owner\skype.exe => Moved successfully.
C:\Users\Owner\skype434450.exe => Moved successfully.
C:\Users\Owner\spoolsv.exe => Moved successfully.
C:\Users\Owner\spoolsv565326.exe => Moved successfully.
C:\Users\Owner\teamviewer.exe => Moved successfully.
C:\Users\Owner\vlcplayer.exe => Moved successfully.
C:\Users\Owner\windowsupdate.exe => Moved successfully.
C:\Users\Owner\winlogon.exe => Moved successfully.
C:\Users\Owner\AppData\Roaming\skype.dat => Moved successfully.
C:\Users\Owner\AppData\Roaming\skype.ini => Moved successfully.
C:\Windows\Tasks\{9385C8F8-FFE7-43CD-A228-830CA9765781}.job => Moved successfully.
C:\Program Files (x86)\Optimizer Pro => Moved successfully.
C:\Users\Owner\AppData\Local\{73D56B8F-0074-4017-BAB2-5EA5BD50CCB7} => Moved successfully.
C:\Users\Owner\AppData\Local\Apple Computer\kmamifzd.dll => Moved successfully.
C:\Users\Owner\AppData\Local\70f3605f-0ac9-4fe7-944a-c2a8dc9861f5ad => Moved successfully.

==== End of Fixlog ====

#5
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello drsyesta

That is great news!! Let's do some more checking to make sure nothing else is lurking around.
These are the programs I would like you to run next. If you have any problems with one of these, just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.





-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

When they are complete, let me have the two reports and let me know how things are running.

Gringo

#6
drsyesta

    New Member

  • Topic Starter
  • Member
  • 4 posts
Everything ran smoothly with the Cleaners, though I forgot to close my browser until after I started the JRT.


# AdwCleaner v2.301 - Logfile created 06/04/2013 at 16:00:38
# Updated 16/05/2013 by Xplode
# Operating system : Windows ™ Vista Home Premium Service Pack 2 (64 bits)
# User : Owner - OWNER-PC
# Boot Mode : Normal
# Running from : C:\Users\Owner\Downloads\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\Common Files\Software Update Utility
Deleted on reboot : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro
Deleted on reboot : C:\Users\Owner\AppData\Local\SwvUpdater
Deleted on reboot : C:\Users\Owner\AppData\LocalLow\Conduit
Deleted on reboot : C:\Users\Owner\AppData\Roaming\OneTab
Deleted on reboot : C:\Users\Owner\AppData\Roaming\Optimizer Pro
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.xpt
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.xpt
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\Windows\Tasks\AmiUpdXp.job

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Optimizer Pro_is1
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{16ADEA98-D215-4F51-80AF-5E5ED660B9C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{16ADEA98-D215-4F51-80AF-5E5ED660B9C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2463487
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{16ADEA98-D215-4F51-80AF-5E5ED660B9C0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{16ADEA98-D215-4F51-80AF-5E5ED660B9C0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16483

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://blank.maxwebsearch.com/?type=blank&userid=2bde9322-f051-43bb-9d96-7e8ad4edef3a&implementation=maxwebsearch&implementationdomain=maxwebsearch.com&source=&uc=20130113&subid=20130113 --> hxxp://www.google.com

-\\ Mozilla Firefox v21.0 (en-US)

File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\hqkq9cp0.default\prefs.js

C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\hqkq9cp0.default\user.js ... Deleted !

[OK] File is clean.

-\\ Google Chrome v27.0.1453.94

File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [6166 octets] - [04/06/2013 16:00:38]

########## EOF - C:\AdwCleaner[S1].txt - [6226 octets] ##########






~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows ™ Vista Home Premium x64
Ran by Owner on Tue 06/04/2013 at 16:09:17.70
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{AC86B16E-C46B-40B0-8328-765521ED682E}
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{91607fa7-3c2f-4f90-93e3-d5337a6b0ac2}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{5A0CF0FD-87DC-460F-83D7-77C3A5680955}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{800B35F9-A77F-4C65-BAD5-1D7309DD8780}



~~~ Files

Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npcouponprinter.dll"
Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npmozcouponprinter.dll"
Successfully deleted: [File] C:\eula.1028.txt
Successfully deleted: [File] C:\eula.1031.txt
Successfully deleted: [File] C:\eula.1033.txt
Successfully deleted: [File] C:\eula.1036.txt
Successfully deleted: [File] C:\eula.1040.txt
Successfully deleted: [File] C:\eula.1041.txt
Successfully deleted: [File] C:\eula.1042.txt
Successfully deleted: [File] C:\eula.2052.txt
Successfully deleted: [File] C:\install.res.1028.dll
Successfully deleted: [File] C:\install.res.1031.dll
Successfully deleted: [File] C:\install.res.1033.dll
Successfully deleted: [File] C:\install.res.1036.dll
Successfully deleted: [File] C:\install.res.1040.dll
Successfully deleted: [File] C:\install.res.1041.dll
Successfully deleted: [File] C:\install.res.1042.dll
Successfully deleted: [File] C:\install.res.2052.dll
Successfully deleted: [File] C:\install.res.3082.dll
Successfully deleted: [File] "C:\Windows\couponprinter.ocx"



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"
Successfully deleted: [Folder] "C:\Program Files (x86)\Common Files\software update utility"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro"



~~~ FireFox

Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\safesearch.xml"
Successfully deleted: [File] C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\hqkq9cp0.default\extensions\[email protected] [Tracur]
Successfully deleted: [Folder] C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\hqkq9cp0.default\extensions\[email protected]
Emptied folder: C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\hqkq9cp0.default\minidumps [160 files]



~~~ Chrome

Dumping contents of C:\Users\Owner\appdata\local\Google\Chrome\User Data\Default\Default
C:\Users\Owner\appdata\local\Google\Chrome\User Data\Default\Default\aadjdgdedhddgbdcdjdjgddidedjdhgg
C:\Users\Owner\appdata\local\Google\Chrome\User Data\Default\Default\aadjdgdedhddgbdcdjdjgddidedjdhgg\background.html
C:\Users\Owner\appdata\local\Google\Chrome\User Data\Default\Default\aadjdgdedhddgbdcdjdjgddidedjdhgg\ContentScript.js
C:\Users\Owner\appdata\local\Google\Chrome\User Data\Default\Default\aadjdgdedhddgbdcdjdjgddidedjdhgg\manifest.json

Successfully deleted: [Folder] C:\Users\Owner\appdata\local\Google\Chrome\User Data\Default\Default [Default Extension 1.0]
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\cbnocfnjkmlljbfgpkbhefnlpbiemhif



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 06/04/2013 at 16:15:40.55
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#7
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello drsyesta

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#8
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#9
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.