This topic is locked
I let my nephew use my computer for school, when I got it back I noticed it was running a little slow. Malwarebytes alerted me that something was trying to access my pc and blocked it several times. I started getting the blue screen of death, while surfing and sometimes while voicing in skype [facebook] it would freeze my pc. I'd have to hit the power button and then restart. I noticed some adult sites in my history and a few things were saved to my system which I deleted. Today when I turned my pc on...Malwarebytes would not load. I kept getting a microsoft error that the program was being closed. I ran CHAMELEON within MBAM and it would not work. I tried all 13 tests and then retried them all in safe mode. MBAM is still inoperative. Highly likely my puter is infected! Would greatly appreciate help in fixing this problem. I also noticed Audacity software showing in the OTL log. I never used it and deleted that program. If there are remnants, I would like it completely deleted. Thanks so much in advance for all your help!!!
OTL LOG
OTL logfile created on: 6/22/2014 2:14:52 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Desktop\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.43 Gb Total Physical Memory | 0.54 Gb Available Physical Memory | 37.34% Memory free
3.12 Gb Paging File | 1.94 Gb Available in Paging File | 62.19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 65.26 Gb Total Space | 21.11 Gb Free Space | 32.34% Space Free | Partition Type: NTFS
Drive D: | 9.27 Gb Total Space | 3.58 Gb Free Space | 38.61% Space Free | Partition Type: NTFS
Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2014/06/22 14:13:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\Desktop\OTL.exe
PRC - [2014/06/10 16:16:09 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/09/26 16:41:52 | 000,153,776 | ---- | M] (WinZip Computing International, LLC) -- C:\Program Files\File Association Helper\FAHWindow.exe
PRC - [2013/05/29 15:50:52 | 001,734,144 | ---- | M] (AimerSoft) -- C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
PRC - [2012/09/07 02:40:01 | 000,952,496 | ---- | M] () -- C:\Program Files\Lexmark Pro710 Series\LMADImon.exe
PRC - [2010/11/02 23:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
PRC - [2010/06/28 07:54:38 | 000,339,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows NT\Accessories\wordpad.exe
PRC - [2009/05/14 18:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/06/05 13:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe
========== Modules (No Company Name) ==========
MOD - [2014/06/10 16:16:02 | 003,852,912 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/09/19 06:06:23 | 000,025,600 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\LMADIQ40.DLL
MOD - [2012/09/19 06:06:22 | 000,431,104 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\LMADIQ4A.DLL
MOD - [2012/09/07 02:40:01 | 000,952,496 | ---- | M] () -- C:\Program Files\Lexmark Pro710 Series\LMADImon.exe
MOD - [2012/08/22 06:05:46 | 001,490,944 | ---- | M] () -- C:\Program Files\Lexmark Pro710 Series\LMabdrs.dll
MOD - [2012/05/25 04:25:00 | 000,921,600 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2007/01/25 21:11:36 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
========== Services (SafeList) ==========
SRV - File not found [On_Demand | Stopped] -- C:\Windows\system32\wbengine.exe -- (wbengine)
SRV - [2014/05/14 02:39:33 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/05/12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/05/06 19:27:01 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011/02/02 12:00:32 | 000,052,288 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper)
SRV - [2010/11/02 23:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe -- (AVP)
SRV - [2009/05/14 18:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
SRV - [2008/01/19 00:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/06/05 13:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys -- (SASKUTIL)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2014/05/12 07:26:04 | 000,051,928 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV - [2014/05/12 07:25:54 | 000,023,256 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013/11/07 15:15:35 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010/10/01 11:37:42 | 000,488,536 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2010/06/09 17:43:52 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl2.sys -- (kl2)
DRV - [2010/06/09 17:43:50 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\kl1.sys -- (KL1)
DRV - [2010/04/22 19:07:34 | 000,022,104 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2009/11/02 20:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2007/04/11 15:33:06 | 000,079,376 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2007/04/11 15:32:58 | 000,036,112 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2007/04/11 15:32:52 | 000,034,832 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007/04/11 15:32:38 | 000,063,248 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2007/04/11 15:32:30 | 000,020,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2007/01/25 21:19:46 | 002,387,456 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 00:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/02 00:30:56 | 000,311,808 | ---- | M] (Realtek) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL85n86.sys -- (RTL85n86)
DRV - [2006/10/06 15:59:06 | 000,044,224 | R--- | M] (BVRP Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:8080
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledAddons: youtubemp3podcaster%40jeremy.d.gregorio.com:3.3.4
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:30.0
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Owner\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\[email protected] [2013/11/12 17:39:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\[email protected] [2013/11/12 17:39:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
[2014/05/22 05:46:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2014/06/17 05:34:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\c47bhyj3.default\extensions
[2014/06/17 05:34:15 | 000,000,000 | ---D | M] (Youtube MP3 Podcaster) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\c47bhyj3.default\extensions\[email protected]
[2014/06/04 18:18:07 | 000,967,387 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\c47bhyj3.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/06/10 16:15:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/06/10 16:16:10 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
O1 HOSTS File: ([2014/02/13 02:14:51 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [Aimersoft Helper Compact.exe] C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe (AimerSoft)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [BrowserPlugInHelper] C:\Program Files\Aimersoft\Video Converter Ultimate\BrowserPlugInHelper.exe File not found
O4 - HKLM..\Run: [FAHConsole] C:\Program Files\File Association Helper\FAHConsole.exe (WinZip Computing International, LLC)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LMADImon] C:\Program Files\Lexmark Pro710 Series\LMADImon.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [LMADImon] C:\Program Files\Lexmark Pro710 Series\LMADImon.exe ()
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.8.8 8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6FBD5B69-E619-4515-84DD-5ACB9E1CE4DC}: DhcpNameServer = 8.8.8.8 8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7304F139-455B-4604-934F-3AE9A180E444}: NameServer = 208.69.150.252,208.69.150.250
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\mzvkbd3.dll (Kaspersky Lab ZAO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2014/06/22 14:13:02 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Desktop
[2014/06/22 13:10:51 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Aimersoft
[2014/06/22 06:00:13 | 000,110,296 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\77AD22D4.sys
[2014/06/19 05:01:50 | 000,110,296 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\285E2B0A.sys
[2014/06/18 01:04:28 | 000,110,296 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\39D92AFE.sys
[2014/06/17 06:12:52 | 000,110,296 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\4AE47D20.sys
[2014/06/11 05:20:35 | 000,110,296 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\309F4696.sys
[2014/06/10 16:15:08 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014/06/10 15:34:32 | 000,110,296 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\6AE74167.sys
[2014/06/09 14:18:28 | 000,110,296 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\5E71306C.sys
[2014/06/02 08:02:06 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\PotPlayerMini
[2014/06/02 07:58:30 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Daum
[2014/06/02 07:58:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Daum
[2014/06/02 07:58:10 | 000,000,000 | ---D | C] -- C:\Program Files\Daum
[2014/06/01 23:20:17 | 000,110,296 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\18E114C1.sys
[2014/06/01 08:27:01 | 000,110,296 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\28D37C66.sys
[2014/05/25 02:52:14 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Facebook
[2014/05/24 19:56:39 | 000,000,000 | ---D | C] -- C:\Program Files\WizTree
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2014/06/22 14:03:59 | 000,003,648 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/06/22 14:03:59 | 000,003,648 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/06/22 14:01:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/06/22 13:58:54 | 000,074,456 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2014/06/22 12:52:41 | 346,020,908 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2014/06/22 12:50:42 | 000,110,296 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014/06/22 06:39:04 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/06/22 06:36:25 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2753939306-2592966707-3986022943-1000UA.job
[2014/06/22 06:00:13 | 000,110,296 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\77AD22D4.sys
[2014/06/22 03:36:17 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2753939306-2592966707-3986022943-1000Core.job
[2014/06/21 21:17:40 | 000,189,191 | ---- | M] () -- C:\Users\Owner\Documents\drew drew.rtf
[2014/06/19 05:01:50 | 000,110,296 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\285E2B0A.sys
[2014/06/18 01:04:30 | 000,110,296 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\39D92AFE.sys
[2014/06/17 13:47:57 | 000,010,518 | ---- | M] () -- C:\Users\Owner\Documents\a.rtf
[2014/06/17 06:12:52 | 000,110,296 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\4AE47D20.sys
[2014/06/15 12:15:03 | 000,002,597 | ---- | M] () -- C:\Users\Owner\Desktop\Paint Shop Pro 7.lnk
[2014/06/14 14:17:48 | 000,068,492 | ---- | M] () -- C:\Users\Owner\Documents\quotes.rtf
[2014/06/11 05:31:12 | 000,110,296 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\309F4696.sys
[2014/06/10 15:34:32 | 000,110,296 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\6AE74167.sys
[2014/06/09 14:18:28 | 000,110,296 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\5E71306C.sys
[2014/06/06 04:39:20 | 000,042,247 | ---- | M] () -- C:\Users\Owner\Documents\recipes.rtf
[2014/06/04 03:01:01 | 000,089,877 | ---- | M] () -- C:\Users\Owner\Documents\experience p.rtf
[2014/06/02 08:00:52 | 000,000,931 | ---- | M] () -- C:\Users\Owner\Desktop\PotPlayer.lnk
[2014/06/02 05:21:05 | 000,003,339 | ---- | M] () -- C:\Users\Owner\Documents\friends phone numbers.rtf
[2014/06/01 23:20:17 | 000,110,296 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\18E114C1.sys
[2014/06/01 08:27:01 | 000,110,296 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\28D37C66.sys
[2014/05/31 22:26:20 | 000,000,899 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/05/27 23:53:24 | 000,005,246 | ---- | M] () -- C:\Users\Owner\Documents\computer HOW TO.rtf
[2014/05/24 23:19:58 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/05/24 23:19:58 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/05/24 22:13:58 | 000,483,467 | ---- | M] () -- C:\Users\Owner\Desktop\IMG_3145.MOV
[2014/05/24 07:32:25 | 000,051,740 | ---- | M] () -- C:\Users\Owner\Documents\lights.rtf
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
========== Files Created - No Company Name ==========
[2014/06/06 22:55:04 | 346,020,908 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2014/06/02 08:00:52 | 000,000,931 | ---- | C] () -- C:\Users\Owner\Desktop\PotPlayer.lnk
[2014/05/27 23:01:34 | 000,000,928 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2753939306-2592966707-3986022943-1000UA.job
[2014/05/27 23:01:31 | 000,000,906 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2753939306-2592966707-3986022943-1000Core.job
[2014/05/24 22:13:51 | 000,483,467 | ---- | C] () -- C:\Users\Owner\Desktop\IMG_3145.MOV
[2013/11/14 22:02:23 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2013/11/12 17:17:06 | 000,116,189 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2013/11/12 17:17:06 | 000,098,168 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2013/11/07 10:26:10 | 000,000,408 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\CamShapes.ini
[2013/11/07 10:26:10 | 000,000,408 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\CamLayout.ini
[2013/11/07 10:26:10 | 000,000,100 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Camdata.ini
[2013/11/07 10:20:49 | 000,000,096 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\version2.xml
[2013/10/02 17:16:23 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013/09/26 12:14:34 | 000,006,169 | -H-- | C] () -- C:\Windows\System32\BTImages.dat
[2013/06/22 20:58:01 | 000,000,114 | -H-- | C] () -- C:\Users\Owner\AppData\Local\tokdet56.dat
[2013/05/19 00:01:40 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll
[2013/05/19 00:01:40 | 000,002,413 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini
[2013/04/27 13:58:00 | 000,000,235 | ---- | C] () -- C:\Windows\WinInit.Ini
[2013/04/19 23:43:38 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lexlog.dll
[2013/04/19 23:36:49 | 001,069,056 | ---- | C] ( ) -- C:\Windows\System32\LMFX1Nlang.dll
[2013/04/19 23:36:49 | 000,430,080 | ---- | C] ( ) -- C:\Windows\System32\LMFX1Ncomc.dll
[2013/04/19 23:36:49 | 000,204,800 | ---- | C] ( ) -- C:\Windows\System32\LMFX1Ninpa.dll
[2013/04/19 23:35:55 | 001,077,248 | ---- | C] ( ) -- C:\Windows\System32\LMADIQlang.dll
[2013/04/19 23:35:55 | 000,430,080 | ---- | C] ( ) -- C:\Windows\System32\LMADIQcomc.dll
[2013/04/19 23:35:55 | 000,204,800 | ---- | C] ( ) -- C:\Windows\System32\LMADIQinpa.dll
[2013/03/19 20:58:38 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-OWNER-PC-Microsoft®-Windows-Vista™-Home-Basic-(32-bit).dat
[2013/01/19 02:52:09 | 000,000,022 | ---- | C] () -- C:\Users\Owner\AppData\Local\xftredahs.dat
[2011/08/20 22:57:13 | 000,017,408 | ---- | C] () -- C:\Users\Owner\AppData\Local\WebpageIcons.db
[2010/01/26 14:22:21 | 000,000,680 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2008/12/13 14:59:46 | 000,000,560 | ---- | C] () -- C:\ProgramData\lxdf
[2007/10/14 19:26:28 | 000,005,632 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/10/11 02:04:24 | 000,000,682 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\wklnhst.dat
========== ZeroAccess Check ==========
[2006/11/02 05:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 10:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\Windows\system32\wbem\fastprox.dll -- [2009/04/10 23:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\Windows\system32\wbem\wbemess.dll -- [2009/04/10 23:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2008/12/14 00:30:31 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\6500 Series
[2013/12/30 18:12:54 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Audacity
[2014/03/29 21:45:05 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Foxit Software
[2014/03/30 01:32:40 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\iDealshare VideoGo
[2008/12/13 14:55:37 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Lexmark Productivity Studio
[2014/06/02 08:02:06 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PotPlayerMini
[2013/06/28 06:35:04 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\SanDisk
[2007/10/11 02:04:27 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Template
[2014/03/30 03:52:27 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A}
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C321E34
< End of report >
Edited by mango_nj, 22 June 2014 - 04:21 PM.
Sign In
Create Account
