
zero access and other malware issues [Closed]


#1
dh1234

Hello. My computer has been running slowly and I realized I didn't have any real-time antivirus installed. However, I had been running scans with Malwarebytes and Spybot every month or so. I ran a scan with RogueKiller, and it detected the ZeroAccess rootkit, which I had the program remove.

Lastly, a person from my local bank emailed me and stated that they detected the "Shylock" trojan coming from my IP and some other nasty malware.

I haven't been having many symptoms besides slowness. I've run HitmanPro, RogueKiller, Malwarebytes, Spybot and have now installed Avast antivirus. Below is my OTL log; I left all the settings as default. Thanks for the help!!

OTL logfile created on: 9/14/2013 4:58:24 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\owner\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.60 Gb Available Physical Memory | 53.60% Memory free
6.20 Gb Paging File | 4.86 Gb Available in Paging File | 78.35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455.54 Gb Total Space | 266.72 Gb Free Space | 58.55% Space Free | Partition Type: NTFS
Drive D: | 10.22 Gb Total Space | 4.43 Gb Free Space | 43.33% Space Free | Partition Type: NTFS
Drive E: | 454.08 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: OWNER-PC | User Name: owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/09/14 16:57:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL.exe
PRC - [2013/08/30 00:47:34 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/08/30 00:47:33 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/05/09 22:53:13 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) -- C:\Program Files\HeadlineAlley_29\bar\1.bin\29barsvc.exe
PRC - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/09/09 16:01:16 | 001,804,648 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
PRC - [2011/09/09 15:49:30 | 000,643,944 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
PRC - [2011/09/06 17:12:06 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2010/11/08 02:09:20 | 002,647,552 | ---- | M] (PACE Anti-Piracy, Inc.) -- C:\Program Files\Common Files\PACE\Services\LicenseServices\LDSvc.exe
PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/10 23:27:20 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
PRC - [2007/11/26 15:50:52 | 000,598,856 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Washer\WasherSvc.exe
PRC - [2007/08/25 00:46:54 | 000,065,536 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2007/06/05 13:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe
PRC - [2006/11/15 16:57:58 | 000,081,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2006/10/05 14:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe


========== Modules (No Company Name) ==========

MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9)
SRV - [2013/09/13 21:34:23 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/08/30 00:47:33 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013/05/09 22:53:13 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) [Auto | Running] -- C:\Program Files\HeadlineAlley_29\bar\1.bin\29barsvc.exe -- (HeadlineAlley_29Service)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/09/06 17:12:06 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2010/11/08 02:09:20 | 002,647,552 | ---- | M] (PACE Anti-Piracy, Inc.) [Auto | Running] -- C:\Program Files\Common Files\PACE\Services\LicenseServices\LDSvc.exe -- (PaceLicenseDServices)
SRV - [2009/07/23 21:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2008/01/19 00:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/26 15:50:52 | 000,598,856 | ---- | M] (Webroot Software, Inc.) [Auto | Running] -- C:\Program Files\Webroot\Washer\WasherSvc.exe -- (wwEngineSvc)
SRV - [2007/08/25 00:46:54 | 000,065,536 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2007/06/05 13:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2006/11/15 16:57:58 | 000,081,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2006/10/05 14:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Running] -- C:\Windows\system32\AE39.tmp -- (MEMSWEEP2)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\owner\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\owner\AppData\Local\Temp\aswMBR.sys -- (aswMBR)
DRV - [2013/09/14 13:36:55 | 000,030,976 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hitmanpro37.sys -- (hitmanpro37)
DRV - [2013/09/14 00:12:32 | 000,022,056 | ---- | M] (Emsisoft GmbH) [File_System | System | Running] -- C:\EEK\Run\a2ddax86.sys -- (A2DDA)
DRV - [2013/09/14 00:12:30 | 000,050,200 | ---- | M] (Emsisoft GmbH) [File_System | On_Demand | Stopped] -- C:\EEK\Run\cleanhlp32.sys -- (cleanhlp)
DRV - [2013/08/30 00:48:13 | 000,369,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013/08/30 00:48:13 | 000,177,864 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/08/30 00:48:13 | 000,056,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/08/30 00:48:12 | 000,770,344 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/08/30 00:48:12 | 000,049,760 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2013/08/30 00:48:12 | 000,049,376 | ---- | M] () [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/08/30 00:48:11 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/08/30 00:48:11 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/05/12 14:05:32 | 000,018,816 | ---- | M] (Sophos Group) [Kernel | System | Stopped] -- C:\Windows\System32\SAVRKBootTasks.sys -- (SAVRKBootTasks)
DRV - [2010/11/03 19:40:58 | 000,021,112 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\iLokDrvr.sys -- (iLokDrvr)
DRV - [2010/11/03 19:39:26 | 000,093,304 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TPkd.sys -- (TPkd)
DRV - [2010/09/26 19:10:30 | 000,049,904 | ---- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2009/09/16 10:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/09/16 10:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 10:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2008/01/18 23:14:59 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2007/11/26 15:50:54 | 000,021,832 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Webroot\Washer\wrSSweep.sys -- (wrssweep)
DRV - [2007/06/29 00:43:00 | 007,568,576 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/04/08 20:47:12 | 000,401,408 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVer88xHD.sys -- (AVer88xHD)
DRV - [2006/11/02 13:39:42 | 000,812,032 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2006/11/02 00:30:56 | 002,589,184 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw2v32.sys -- (NETw2v32)
DRV - [2006/11/02 00:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/10/05 12:39:40 | 001,161,152 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.c...ys=DTP&M=GM5626
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.c...ys=DTP&M=GM5626
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.c...ys=DTP&M=GM5626
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9a2d7aa7-c5a9-4eb1-9e08-c6aaa7538b55}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2645238

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKCU\..\URLSearchHook: {08f9937e-0a4f-48cf-94e7-827223daec1d} - No CLSID value found
IE - HKCU\..\URLSearchHook: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {C0C30B3A-3897-4D11-B725-7E1E36FC8A38}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{5B16DB9D-4E3C-423B-9C7E-C2DEEF3E6BBB}: "URL" = http://www.google.co...&rlz=1I7GGIE_en
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7GGIE_en
IE - HKCU\..\SearchScopes\{9a2d7aa7-c5a9-4eb1-9e08-c6aaa7538b55}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2645238
IE - HKCU\..\SearchScopes\{C0C30B3A-3897-4D11-B725-7E1E36FC8A38}: "URL" = http://search.zoneal...sId=&ver=&&r=67
IE - HKCU\..\SearchScopes\{CD463685-C213-8B1D-7ADD-BBF149324B38}: "URL" = http://www.bing.com/...UGO&form=ZGAIDF
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://us.yhs.search...p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@HeadlineAlley_29.com/Plugin: C:\Program Files\HeadlineAlley_29\bar\1.bin\NP29Stub.dll (MindSpark)
FF - HKLM\Software\MozillaPlugins\@ilok.com/iLokHelper,version=3.1.0.7: C:\Program Files\PACE Anti-Piracy\iLok\NPPaceILok.dll ( PACE Anti-Piracy, Inc)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\29ffxtbr@HeadlineAlley_29.com: C:\Program Files\HeadlineAlley_29\bar\1.bin [2013/09/14 13:35:36 | 000,000,000 | ---D | M]

[2012/09/10 04:16:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://search.zoneal...=&tstsId=&ver=
CHR - Extension: No name found = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0\
CHR - Extension: No name found = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: No name found = C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/09/14 12:52:25 | 000,000,741 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {433ae6bf-a1fd-4a51-858e-6c26c7cd64db} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Search Assistant BHO) - {9c8de6c1-88f6-4515-9e81-6a280bb35349} - C:\Program Files\HeadlineAlley_29\bar\1.bin\29SrcAs.dll (MindSpark)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HeadlineAlley Search Scope Monitor] C:\Program Files\HeadlineAlley_29\bar\1.bin\29SrchMn.exe (MindSpark)
O4 - HKCU..\Run: [HP Officejet Pro 8600 (NET) #2] C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O8 - Extra context menu item: &Search - ?p=ZJxdm398ZYUS File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: ameritrade.com ([wwws] https in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} http://www6.eleadcrm...cation/smsx.cab (MeadCo ScriptX)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace....ploader1006.cab (MySpace Uploader Control)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {7191F0AC-D686-46A8-BFCC-EA61778C74DD} https://mydlink.com/...aplugLiteDL.cab (Gif89 Lite +Audio Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://129.65.176.6/...sCamControl.cab (CamImage Class)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius....tiveXPlugin.cab (Reg Error: Key error.)
O16 - DPF: {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} http://166.148.82.22...hecker_8500.cab (OCXDownloadChecker Control)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://www.adobe.com...obat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5B3F6BF3-051C-4C00-945C-0FEED9E4F091}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\owner\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Users\owner\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/04/30 17:01:00 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2012/07/25 03:54:08 | 000,863,984 | R--- | M] (Trend Micro Inc.) - E:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2012/07/25 03:54:08 | 000,000,047 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{0eef1bac-170c-11e0-9034-0019d1a938e9}\Shell - "" = AutoRun
O33 - MountPoints2\{0eef1bac-170c-11e0-9034-0019d1a938e9}\Shell\AutoRun\command - "" = G:\ATTPreCopy.exe /-L -d:LGEUSB2100T1 -7
O33 - MountPoints2\{fcfd81e8-52d5-11dc-b4b6-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{fcfd81e8-52d5-11dc-b4b6-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe -- [2012/07/25 03:54:08 | 000,863,984 | R--- | M] (Trend Micro Inc.)
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\wd_windows_tools\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/09/14 16:57:07 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL.exe
[2013/09/14 15:56:00 | 000,018,816 | ---- | C] (Sophos Group) -- C:\Windows\System32\SAVRKBootTasks.sys
[2013/09/14 15:46:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
[2013/09/14 15:42:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
[2013/09/14 15:42:20 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
[2013/09/14 15:41:54 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2013/09/14 15:34:28 | 000,369,584 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013/09/14 15:34:28 | 000,029,816 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2013/09/14 15:34:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013/09/14 15:34:27 | 000,049,760 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2013/09/14 15:34:25 | 000,056,080 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2013/09/14 15:34:22 | 000,770,344 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013/09/14 15:34:22 | 000,229,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2013/09/14 15:34:22 | 000,066,336 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2013/09/14 15:33:47 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/09/14 15:33:15 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013/09/14 15:32:36 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013/09/14 15:21:33 | 000,072,704 | ---- | C] (Emsisoft GmbH) -- C:\Windows\System32\eamclean.exe
[2013/09/14 14:35:25 | 000,000,000 | ---D | C] -- C:\EEK
[2013/09/14 13:39:45 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/09/14 13:28:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
[2013/09/14 13:27:50 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2013/09/14 13:27:25 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013/09/14 12:17:27 | 000,000,000 | ---D | C] -- C:\Users\owner\Desktop\RK_Quarantine
[2013/09/14 12:17:08 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/09/14 11:59:49 | 000,000,000 | --SD | C] -- C:\ieexplorer1
[2013/09/14 10:54:52 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/09/14 10:54:52 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/09/14 10:54:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/09/14 10:54:44 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/09/14 10:54:01 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/08/31 14:19:49 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\DoNotTrackPlus
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/09/14 16:57:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL.exe
[2013/09/14 16:53:13 | 000,000,512 | ---- | M] () -- C:\Users\owner\Desktop\MBR.dat
[2013/09/14 16:53:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/14 16:05:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/09/14 15:42:20 | 000,002,038 | ---- | M] () -- C:\Users\owner\Desktop\Sophos Virus Removal Tool.lnk
[2013/09/14 15:34:28 | 000,001,829 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/09/14 15:34:22 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2013/09/14 15:22:55 | 000,001,765 | ---- | M] () -- C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk
[2013/09/14 15:22:38 | 000,003,168 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/09/14 15:22:38 | 000,003,168 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/09/14 15:22:38 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/09/14 15:22:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/09/14 15:22:32 | 3210,719,232 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/14 15:21:33 | 000,072,704 | ---- | M] (Emsisoft GmbH) -- C:\Windows\System32\eamclean.exe
[2013/09/14 15:21:33 | 000,000,094 | ---- | M] () -- C:\Windows\System32\eamclean.dat
[2013/09/14 14:35:50 | 000,000,498 | ---- | M] () -- C:\Users\owner\Desktop\Emsisoft Emergency Kit.lnk
[2013/09/14 13:36:55 | 000,030,976 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro37.sys
[2013/09/14 13:35:36 | 000,002,484 | ---- | M] () -- C:\Windows\System32\.crusader
[2013/09/14 13:28:10 | 000,001,732 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2013/09/14 10:52:32 | 000,026,674 | ---- | M] () -- C:\Users\owner\Desktop\C-2SampleLEASE (1).pdf
[2013/09/12 03:22:03 | 000,311,408 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/09/03 13:22:27 | 000,002,519 | ---- | M] () -- C:\Users\owner\Desktop\Microsoft Office Picture Manager.lnk
[2013/09/01 15:31:29 | 000,651,210 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/09/01 15:31:28 | 000,121,844 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/08/31 15:33:39 | 000,000,503 | ---- | M] () -- C:\Users\Public\Desktop\Trend Micro Titanium Internet Security Installer.lnk
[2013/08/31 11:28:22 | 000,000,896 | ---- | M] () -- C:\Users\owner\Desktop\Villas with a View - Jetsetter (4).url
[2013/08/31 11:28:18 | 000,000,896 | ---- | M] () -- C:\Users\owner\Desktop\Villas with a View - Jetsetter (3).url
[2013/08/31 11:25:48 | 000,260,615 | ---- | M] () -- C:\Users\owner\Documents\Scan0271.pdf
[2013/08/31 11:20:54 | 000,000,896 | ---- | M] () -- C:\Users\owner\Desktop\Villas with a View - Jetsetter (2).url
[2013/08/31 03:57:44 | 000,000,196 | ---- | M] () -- C:\Users\owner\Desktop\reputable.url
[2013/08/31 03:56:15 | 000,005,485 | ---- | M] () -- C:\Users\owner\Desktop\Reputable Synonyms, Reputable Antonyms Thesaurus.com.url
[2013/08/30 00:48:13 | 000,369,584 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013/08/30 00:48:13 | 000,177,864 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/08/30 00:48:13 | 000,056,080 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2013/08/30 00:48:12 | 000,770,344 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013/08/30 00:48:12 | 000,049,760 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2013/08/30 00:48:12 | 000,049,376 | ---- | M] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013/08/30 00:48:11 | 000,066,336 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2013/08/30 00:48:11 | 000,029,816 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2013/08/30 00:47:40 | 000,041,664 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/08/30 00:47:32 | 000,229,648 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2013/08/29 00:21:23 | 000,000,879 | ---- | M] () -- C:\Users\owner\Desktop\Fallen Arch Guide Causes, Symptoms and Treatment Options (2).url
[2013/08/29 00:21:19 | 000,000,879 | ---- | M] () -- C:\Users\owner\Desktop\Fallen Arch Guide Causes, Symptoms and Treatment Options.url
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/09/14 16:53:13 | 000,000,512 | ---- | C] () -- C:\Users\owner\Desktop\MBR.dat
[2013/09/14 15:42:20 | 000,002,038 | ---- | C] () -- C:\Users\owner\Desktop\Sophos Virus Removal Tool.lnk
[2013/09/14 15:34:28 | 000,001,829 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/09/14 15:34:22 | 000,177,864 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/09/14 15:34:22 | 000,049,376 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013/09/14 15:21:33 | 000,000,094 | ---- | C] () -- C:\Windows\System32\eamclean.dat
[2013/09/14 14:35:50 | 000,000,498 | ---- | C] () -- C:\Users\owner\Desktop\Emsisoft Emergency Kit.lnk
[2013/09/14 13:36:55 | 000,030,976 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro37.sys
[2013/09/14 13:35:36 | 000,002,484 | ---- | C] () -- C:\Windows\System32\.crusader
[2013/09/14 13:28:10 | 000,001,732 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2013/09/14 10:54:52 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/09/14 10:54:52 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/09/14 10:54:52 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/09/14 10:54:52 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/09/14 10:54:52 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/09/14 10:52:32 | 000,026,674 | ---- | C] () -- C:\Users\owner\Desktop\C-2SampleLEASE (1).pdf
[2013/08/31 15:33:37 | 000,000,503 | ---- | C] () -- C:\Users\Public\Desktop\Trend Micro Titanium Internet Security Installer.lnk
[2013/08/31 11:28:22 | 000,000,896 | ---- | C] () -- C:\Users\owner\Desktop\Villas with a View - Jetsetter (4).url
[2013/08/31 11:28:18 | 000,000,896 | ---- | C] () -- C:\Users\owner\Desktop\Villas with a View - Jetsetter (3).url
[2013/08/31 11:25:48 | 000,260,615 | ---- | C] () -- C:\Users\owner\Documents\Scan0271.pdf
[2013/08/31 03:56:15 | 000,005,485 | ---- | C] () -- C:\Users\owner\Desktop\Reputable Synonyms, Reputable Antonyms Thesaurus.com.url
[2013/08/31 03:56:09 | 000,000,196 | ---- | C] () -- C:\Users\owner\Desktop\reputable.url
[2013/08/29 00:21:23 | 000,000,879 | ---- | C] () -- C:\Users\owner\Desktop\Fallen Arch Guide Causes, Symptoms and Treatment Options (2).url
[2013/08/29 00:21:18 | 000,000,879 | ---- | C] () -- C:\Users\owner\Desktop\Fallen Arch Guide Causes, Symptoms and Treatment Options.url
[2013/02/27 23:52:05 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013/01/29 23:17:56 | 000,000,024 | ---- | C] () -- C:\Windows\GeoDebug61.ini
[2013/01/29 23:17:25 | 000,253,952 | ---- | C] () -- C:\Windows\JxIni.dll
[2013/01/29 23:17:25 | 000,213,065 | ---- | C] () -- C:\Windows\GV_GeoPTZini.dll
[2013/01/29 23:17:25 | 000,028,759 | ---- | C] ( ) -- C:\Windows\GV_AccessIni_Memory.dll
[2012/12/10 19:27:35 | 001,024,628 | ---- | C] () -- C:\Users\owner\daves phone numbers.mht
[2012/10/09 20:59:46 | 000,024,206 | ---- | C] () -- C:\Users\owner\AppData\Roaming\UserTile.png
[2012/02/11 12:49:57 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2010/09/20 17:03:07 | 000,072,080 | ---- | C] () -- C:\Users\owner\g2mdlhlpx.exe
[2009/09/12 12:29:26 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008/08/31 16:38:50 | 000,005,892 | ---- | C] () -- C:\Users\owner\AppData\Local\d3d9caps.dat
[2007/12/18 23:27:50 | 000,008,134 | ---- | C] () -- C:\Users\owner\AppData\Roaming\wklnhst.dat
[2007/11/07 16:59:45 | 000,052,224 | ---- | C] () -- C:\Users\owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006/11/02 05:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 10:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/10 23:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/10 23:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011/12/25 14:32:50 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\5E6F7
[2012/11/03 06:34:56 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\CheckPoint
[2011/12/24 11:20:12 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\F7630
[2010/01/29 12:38:37 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Image Zone Express
[2011/02/25 00:44:29 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\PACE Anti-Piracy
[2012/10/09 20:59:44 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\PeerNetworking
[2007/11/26 20:16:35 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Premiere
[2009/10/03 09:59:56 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Printer Info Cache
[2009/04/05 17:03:55 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Research In Motion
[2007/11/07 22:00:49 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\SampleView
[2011/12/25 18:59:00 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Spare Backup
[2012/10/18 03:27:03 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Spotify
[2007/12/18 23:27:51 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Template

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2013/07/20 00:12:07 | 000,002,526 | ---- | M] ()(C:\Users\owner\Desktop\What Happened To Larry Hillblom, Billionaire And founder Of DHL ? On Demand Weekly.url) -- C:\Users\owner\Desktop\What Happened To Larry Hillblom, Billionaire And founder Of DHL → On Demand Weekly.url
[2013/07/20 00:12:06 | 000,002,526 | ---- | C] ()(C:\Users\owner\Desktop\What Happened To Larry Hillblom, Billionaire And founder Of DHL ? On Demand Weekly.url) -- C:\Users\owner\Desktop\What Happened To Larry Hillblom, Billionaire And founder Of DHL → On Demand Weekly.url

========== Alternate Data Streams ==========

@Alternate Data Stream - 921 bytes -> C:\Users\owner\Documents\Thanksgiving group pictures.eml:OECustomProperty
@Alternate Data Stream - 852 bytes -> C:\Users\owner\Documents\Re_ Dave - monthly web hosting _ moving forward.eml:OECustomProperty
@Alternate Data Stream - 76 bytes -> C:\Users\owner\Documents\seandiet.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\owner\Documents\scan0161.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\owner\Documents\scan0088.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\owner\Documents\Office2007TrialActivationKey.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\owner\Documents\New Products.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\owner\Documents\naranjo.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\owner\Documents\move.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\owner\Documents\monthLSf2-Sep-2008-l6ZR.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\owner\Documents\Memo-Dish3 Feb.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\owner\Documents\Credit 4 21 08.pdf:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\owner\Documents\clover ranch.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\owner\Documents\account letter.pdf:Roxio EMC Stream
@Alternate Data Stream - 482 bytes -> C:\Users\owner\Documents\letter to colleen.eml:OECustomProperty
@Alternate Data Stream - 1086 bytes -> C:\Users\owner\Documents\Re_ Solar info for Milky Way Cupertino.eml:OECustomProperty

< End of report >

#2 gringo_pr (Trusted Helper, Malware Removal, 7,268 posts)
Hello dh1234

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely. I have spent my time putting together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!


  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same"; this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


These are the programs I would like you to run next, if you have any problems with one of these just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

When they are complete let me have the two reports and let me know how things are running.

Gringo

#3 gringo_pr (Trusted Helper, Malware Removal, 7,268 posts)
Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#4 gringo_pr (Trusted Helper, Malware Removal, 7,268 posts)
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.