Jump to content

Ellissa

Honorary Members
  • Posts

    68
  • Joined

  • Last visited

Reputation

0 Neutral

About Ellissa

  • Birthday 05/22/1987
  1. I downloaded the firefox addons, but I don't think I'll use Noscript. My husband isn't great with computers and I know he'll be confused by it, which will mean me constanting helping him. Thanks for your help though!
  2. And does anyone else find Noscript kind of annoying? Lol
  3. Thanks. How do you feel about Avast (Internet Security version) for my firewall? I've used it for years and have actually liked it. Idk.
  4. Yep. Everything is still showing up fine on MBAM? Shall I uninstall all these programs you had me downloaded? Or just simply "Delete" them?
  5. MBAM scans still clear. I'm gonna give it another day to be safe though. ^^ Thank you for all you're help so far, I REALLY appreciate your time.
  6. I scanned again just now and still nothing. Hopefully this keeps up! (Cause usually I was getting atleast three threats a day.. >.<)
  7. No objects detected on MBAM. But I'm not holding my breath, lol.. Malwarebytes Anti-Malware (PRO) 1.65.1.1000 www.malwarebytes.org Database version: v2012.12.01.08 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Becka :: BECKA-PC [administrator] Protection: Enabled 12/1/2012 10:40:26 AM mbam-log-2012-12-01 (10-40-26).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 206802 Time elapsed: 1 minute(s), 16 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
  8. OTL Scan. OTL logfile created on: 12/1/2012 10:31:36 AM - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Becka\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 5.75 Gb Total Physical Memory | 4.65 Gb Available Physical Memory | 80.83% Memory free 11.50 Gb Paging File | 10.37 Gb Available in Paging File | 90.16% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 686.54 Gb Total Space | 571.51 Gb Free Space | 83.24% Space Free | Partition Type: NTFS Unable to calculate disk information. Computer Name: BECKA-PC | User Name: Becka | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Becka\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software) PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software) PRC - C:\Program Files\AVAST Software\Avast\afwServ.exe (AVAST Software) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.) PRC - C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.) PRC - C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software) PRC - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.) PRC - C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe (Acer Incorporated) PRC - C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation) PRC - C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe (Acer) ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software) SRV:64bit: - (avast! Firewall) -- C:\Program Files\AVAST Software\Avast\afwServ.exe (AVAST Software) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV:64bit: - (Updater Service) -- C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe (Acer) SRV:64bit: - (ForceWare Intelligent Application Manager (IAM) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe () SRV:64bit: - (nSvcIp) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe () SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (LeapFrog Connect Device Service) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (Greg_Service) -- C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe (Acer Incorporated) SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software) DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software) DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software) DRV:64bit: - (aswNdis2) -- C:\Windows\SysNative\drivers\aswNdis2.sys (AVAST Software) DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software) DRV:64bit: - (aswKbd) -- C:\Windows\SysNative\drivers\aswKbd.sys (AVAST Software) DRV:64bit: - (aswFW) -- C:\Windows\SysNative\drivers\aswFW.sys (AVAST Software) DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software) DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software) DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.) DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.) DRV:64bit: - (aswNdis) -- C:\Windows\SysNative\drivers\aswNdis.sys (ALWIL Software) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (NVNET) -- C:\Windows\SysNative\drivers\nvmf6264.sys (NVIDIA Corporation) DRV:64bit: - (LeapFrog-USBLAN) -- C:\Windows\SysNative\drivers\btblan.sys (Belcarra Technologies) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (WN111v2) -- C:\Windows\SysNative\drivers\WN111v2x.sys (Atheros Communications, Inc.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-142491608-2200593318-2864285238-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp IE - HKU\S-1-5-21-142491608-2200593318-2864285238-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US IE - HKU\S-1-5-21-142491608-2200593318-2864285238-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = IE - HKU\S-1-5-21-142491608-2200593318-2864285238-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-142491608-2200593318-2864285238-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW_enUS368 IE - HKU\S-1-5-21-142491608-2200593318-2864285238-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "https://www.facebook.com/" FF - prefs.js..extensions.enabledAddons: wrc@avast.com:7.0.1474 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.2.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.2.1: C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\new_plugin\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/11/15 16:31:03 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/26 18:46:19 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/10/26 18:46:15 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/26 18:46:19 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/10/26 18:46:15 | 000,000,000 | ---D | M] [2012/11/14 22:46:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Becka\AppData\Roaming\Mozilla\Extensions [2012/12/01 10:28:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Becka\AppData\Roaming\Mozilla\Firefox\Profiles\zl67rjc3.default\extensions [2012/11/29 17:49:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012/11/15 16:31:03 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF [2012/10/26 18:46:19 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011/08/11 09:16:27 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll [2011/03/18 10:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll [2011/03/18 10:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll [2012/08/29 18:32:24 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012/10/13 07:57:24 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml ========== Chrome ========== O1 HOSTS File: ([2012/11/20 18:48:45 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKU\S-1-5-21-142491608-2200593318-2864285238-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [Monitor] C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.) O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation) O4 - HKLM..\Run: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-142491608-2200593318-2864285238-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-142491608-2200593318-2864285238-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O16:64bit: - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 10.2.1) O16:64bit: - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02) O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class) O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab (UnoCtrl Class) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CB99BCE6-F373-4F23-8A44-448AE2F507A3}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\ms-help - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/11/30 20:15:08 | 000,000,000 | ---D | C] -- C:\_OTL [2012/11/30 16:18:41 | 000,000,000 | ---D | C] -- C:\Users\Becka\AppData\Local\{6B22F45F-D00E-4A7A-9957-5BAB6D90820A} [2012/11/30 14:37:55 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Becka\Desktop\OTL.exe [2012/11/29 19:08:07 | 000,000,000 | ---D | C] -- C:\Users\Becka\AppData\Local\{F2F401DA-0398-4609-A484-268D4F80A15C} [2012/11/20 19:15:00 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012/11/20 18:50:26 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012/11/20 15:09:25 | 005,004,421 | R--- | C] (Swearware) -- C:\Users\Becka\Desktop\ComboFix.exe [2012/11/20 14:22:31 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Becka\Desktop\aswMBR.exe [2012/11/17 15:30:20 | 000,000,000 | ---D | C] -- C:\Users\Becka\AppData\Local\{971CEF98-0AE2-4802-B668-19A88A97FB31} [2012/11/17 13:08:48 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2012/11/17 13:08:48 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2012/11/17 13:08:48 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2012/11/15 15:17:24 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys [2012/11/15 15:17:24 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll [2012/11/15 15:16:46 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll [2012/11/15 15:16:46 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe [2012/11/15 15:16:45 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll [2012/11/15 15:16:41 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys [2012/11/15 15:16:41 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys [2012/11/15 15:16:38 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll [2012/11/15 15:16:38 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll [2012/11/15 15:16:38 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll [2012/11/15 15:16:38 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll [2012/11/15 15:16:38 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll [2012/11/15 15:16:38 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll [2012/11/15 15:16:38 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll [2012/11/15 15:16:38 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll [2012/11/15 15:16:37 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll [2012/11/15 15:16:37 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe [2012/11/15 15:16:37 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe [2012/11/15 15:16:37 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe [2012/11/15 15:16:37 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll [2012/11/15 15:16:37 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll [2012/11/15 15:16:37 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll [2012/11/15 15:16:37 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe [2012/11/15 15:16:37 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll [2012/11/15 15:16:36 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll [2012/11/15 15:16:36 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll [2012/11/15 15:11:02 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012/11/15 15:11:01 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012/11/15 15:11:00 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012/11/15 15:11:00 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012/11/15 15:11:00 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012/11/15 15:11:00 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012/11/15 15:11:00 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012/11/15 15:11:00 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012/11/15 15:10:59 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012/11/15 15:10:59 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012/11/15 15:10:58 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012/11/15 15:10:58 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2012/11/15 15:10:56 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012/11/15 15:10:56 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012/11/15 15:10:56 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2012/11/15 15:09:06 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll [2012/11/15 15:09:04 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll [2012/11/15 15:09:04 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe [2012/11/15 15:09:04 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll [2012/11/15 15:07:42 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll [2012/11/15 15:07:42 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll [2012/11/15 08:56:00 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll [2012/11/15 08:56:00 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll [2012/11/15 08:56:00 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll [2012/11/15 08:55:55 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll [2012/11/15 08:55:55 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll [2012/11/15 08:55:36 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll [2012/11/15 08:55:36 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll [2012/11/15 08:55:36 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll [2012/11/15 08:55:35 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll [2012/11/15 08:55:34 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll [2012/11/15 08:55:34 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll [2012/11/12 16:24:57 | 000,000,000 | ---D | C] -- C:\Users\Becka\AppData\Local\{AA3E3771-FEE0-4AF5-8B23-BF49E94AE33C} [2012/11/11 19:21:40 | 000,000,000 | ---D | C] -- C:\Users\Becka\AppData\Local\{1F5F657C-3C9F-41C0-9424-BE2915B514F1} [2012/11/10 17:35:56 | 000,000,000 | ---D | C] -- C:\Users\Becka\AppData\Local\{C34AA23B-12F7-4723-AEE4-368352342FDC} [2012/11/08 15:44:49 | 000,000,000 | ---D | C] -- C:\Users\Becka\AppData\Local\{7EDD5EC3-593E-4130-B76C-058895A4DC83} [2012/11/07 16:05:38 | 000,000,000 | ---D | C] -- C:\Users\Becka\AppData\Local\{BCD6057E-D299-44DC-88BE-F591A2558D5F} [2012/11/01 17:52:51 | 000,000,000 | ---D | C] -- C:\Users\Becka\AppData\Local\{77403B00-B14C-483C-A446-A685860CF598} ========== Files - Modified Within 30 Days ========== [2012/12/01 10:29:35 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/12/01 10:29:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/12/01 10:29:20 | 335,044,607 | -HS- | M] () -- C:\hiberfil.sys [2012/12/01 10:28:38 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/12/01 10:28:38 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/11/30 21:07:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/11/30 21:04:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/11/30 20:21:35 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/11/30 20:21:35 | 000,624,162 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/11/30 20:21:35 | 000,106,538 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/11/30 14:37:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Becka\Desktop\OTL.exe [2012/11/30 13:33:05 | 000,681,984 | ---- | M] () -- C:\Users\Becka\Desktop\CKScanner.exe [2012/11/21 17:09:25 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt [2012/11/20 18:48:45 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012/11/20 15:09:49 | 005,004,421 | R--- | M] (Swearware) -- C:\Users\Becka\Desktop\ComboFix.exe [2012/11/20 14:43:15 | 000,543,531 | ---- | M] () -- C:\Users\Becka\Desktop\AdwCleaner.exe [2012/11/20 14:22:56 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Becka\Desktop\aswMBR.exe [2012/11/15 15:51:31 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012/11/15 15:51:31 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012/11/15 15:25:22 | 000,405,416 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012/11/13 13:32:48 | 545,582,378 | ---- | M] () -- C:\Windows\MEMORY.DMP ========== Files Created - No Company Name ========== [2012/11/30 13:33:03 | 000,681,984 | ---- | C] () -- C:\Users\Becka\Desktop\CKScanner.exe [2012/11/20 14:43:10 | 000,543,531 | ---- | C] () -- C:\Users\Becka\Desktop\AdwCleaner.exe [2012/11/15 15:17:27 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012/11/15 15:09:04 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012/02/07 18:48:47 | 000,003,584 | ---- | C] () -- C:\Users\Becka\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/01/18 06:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll [2012/01/18 06:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll [2012/01/18 06:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe [2012/01/12 23:08:14 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012/01/06 13:43:11 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012/01/06 13:43:11 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012/01/06 13:43:11 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012/01/06 13:43:11 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2011/11/22 23:52:12 | 000,000,016 | ---- | C] () -- C:\Windows\popcinfo.dat [2010/03/29 14:28:31 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010/03/27 01:18:08 | 000,000,000 | ---- | C] () -- C:\Users\Becka\AppData\Roaming\wklnhst.dat ========== ZeroAccess Check ========== [2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 21:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 20:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report >
  9. Here's the log that posted after the reboot. Now I'll be doing the scans.. All processes killed ========== SERVICES/DRIVERS ========== ========== OTL ========== 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. HKU\S-1-5-21-142491608-2200593318-2864285238-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully! HKEY_USERS\S-1-5-21-142491608-2200593318-2864285238-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_USERS\S-1-5-21-142491608-2200593318-2864285238-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. C:\Users\Becka\AppData\Roaming\Mozilla\Firefox\Profiles\zl67rjc3.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}\components folder moved successfully. C:\Users\Becka\AppData\Roaming\Mozilla\Firefox\Profiles\zl67rjc3.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}\chrome\skin\searchbar folder moved successfully. C:\Users\Becka\AppData\Roaming\Mozilla\Firefox\Profiles\zl67rjc3.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}\chrome\skin\options folder moved successfully. C:\Users\Becka\AppData\Roaming\Mozilla\Firefox\Profiles\zl67rjc3.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}\chrome\skin\lib\weatherbutton\panels\images folder moved successfully. C:\Users\Becka\AppData\Roaming\Mozilla\Firefox\Profiles\zl67rjc3.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}\chrome\skin\lib\weatherbutton\panels folder moved successfully. C:\Users\Becka\AppData\Roaming\Mozilla\Firefox\Profiles\zl67rjc3.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}\chrome\skin\lib\weatherbutton\icons folder moved successfully. C:\Users\Becka\AppData\Roaming\Mozilla\Firefox\Profiles\zl67rjc3.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}\chrome\skin\lib\weatherbutton folder moved successfully. C:\Users\Becka\AppData\Roaming\Mozilla\Firefox\Profiles\zl67rjc3.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}\chrome\skin\lib\uwa folder moved successfully. C:\Users\Becka\AppData\Roaming\Mozilla\Firefox\Profiles\zl67rjc3.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}\chrome\skin\lib\panels\images folder moved successfully. C:\Users\Becka\AppData\Roaming\Mozilla\Firefox\Profiles\zl67rjc3.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}\chrome\skin\lib\panels\default\scripts folder moved successfully. C:\Users\Becka\AppData\Roaming\Mozilla\Firefox\Profiles\zl67rjc3.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}\chrome\skin\lib\panels\default\images folder moved successfully. C:\Users\Becka\AppData\Roaming\Mozilla\Firefox\Profiles\zl67rjc3.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}\chrome\skin\lib\panels\default\css folder moved successfully. C:\Users\Becka\AppData\Roaming\Mozilla\Firefox\Profiles\zl67rjc3.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}\chrome\skin\lib\panels\default folder moved successfully. C:\Users\Becka\AppData\Roaming\Mozilla\Firefox\Profiles\zl67rjc3.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}\chrome\skin\lib\panels\css folder moved successfully. C:\Users\Becka\AppData\Roaming\Mozilla\Firefox\Profiles\zl67rjc3.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}\chrome\skin\lib\panels folder moved successfully. C:\Users\Becka\AppData\Roaming\Mozilla\Firefox\Profiles\zl67rjc3.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}\chrome\skin\lib\debugbar folder moved successfully. C:\Users\Becka\AppData\Roaming\Mozilla\Firefox\Profiles\zl67rjc3.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}\chrome\skin\lib folder moved successfully. C:\Users\Becka\AppData\Roaming\Mozilla\Firefox\Profiles\zl67rjc3.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}\chrome\skin folder moved successfully. C:\Users\Becka\AppData\Roaming\Mozilla\Firefox\Profiles\zl67rjc3.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}\chrome\locale\toolbar folder moved successfully. C:\Users\Becka\AppData\Roaming\Mozilla\Firefox\Profiles\zl67rjc3.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}\chrome\locale\lib folder moved successfully. C:\Users\Becka\AppData\Roaming\Mozilla\Firefox\Profiles\zl67rjc3.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}\chrome\locale folder moved successfully. C:\Users\Becka\AppData\Roaming\Mozilla\Firefox\Profiles\zl67rjc3.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}\chrome\data\weather folder moved successfully. C:\Users\Becka\AppData\Roaming\Mozilla\Firefox\Profiles\zl67rjc3.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}\chrome\data\search folder moved successfully. C:\Users\Becka\AppData\Roaming\Mozilla\Firefox\Profiles\zl67rjc3.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}\chrome\data folder moved successfully. C:\Users\Becka\AppData\Roaming\Mozilla\Firefox\Profiles\zl67rjc3.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}\chrome\content\widgets\net.vmn.www.RadioBeta folder moved successfully. C:\Users\Becka\AppData\Roaming\Mozilla\Firefox\Profiles\zl67rjc3.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}\chrome\content\widgets\com.djboxservice.dj.DJBox\thumbs folder moved successfully. C:\Users\Becka\AppData\Roaming\Mozilla\Firefox\Profiles\zl67rjc3.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}\chrome\content\widgets\com.djboxservice.dj.DJBox folder moved successfully. C:\Users\Becka\AppData\Roaming\Mozilla\Firefox\Profiles\zl67rjc3.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}\chrome\content\widgets folder moved successfully. C:\Users\Becka\AppData\Roaming\Mozilla\Firefox\Profiles\zl67rjc3.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}\chrome\content\modules folder moved successfully. C:\Users\Becka\AppData\Roaming\Mozilla\Firefox\Profiles\zl67rjc3.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}\chrome\content\lib folder moved successfully. C:\Users\Becka\AppData\Roaming\Mozilla\Firefox\Profiles\zl67rjc3.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}\chrome\content folder moved successfully. C:\Users\Becka\AppData\Roaming\Mozilla\Firefox\Profiles\zl67rjc3.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}\chrome folder moved successfully. C:\Users\Becka\AppData\Roaming\Mozilla\Firefox\Profiles\zl67rjc3.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f} folder moved successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully. ========== FILES ========== < ipconfig /flushdns /c > Windows IP Configuration Successfully flushed the DNS Resolver Cache. C:\Users\Becka\Desktop\cmd.bat deleted successfully. C:\Users\Becka\Desktop\cmd.txt deleted successfully. ========== REGISTRY ========== Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1ED9DA0-AFD0-4B90-AC6A-D3874F591014}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C1ED9DA0-AFD0-4B90-AC6A-D3874F591014}\ not found. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Becka ->Temp folder emptied: 3241 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 19936715 bytes ->Opera cache emptied: 0 bytes ->Flash cache emptied: 492 bytes User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Public ->Temp folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 608 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 19.00 mb OTL by OldTimer - Version 3.2.69.0 log created on 12012012_102803 Files\Folders moved on Reboot... C:\Users\Becka\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot. PendingFileRenameOperations files... Registry entries deleted on Reboot...
  10. And another threat. Fourth one today. :l Malwarebytes Anti-Malware (PRO) 1.65.1.1000 www.malwarebytes.org Database version: v2012.12.01.03 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Becka :: BECKA-PC [administrator] Protection: Enabled 11/30/2012 8:32:29 PM mbam-log-2012-11-30 (20-32-29).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 206751 Time elapsed: 59 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1ED9DA0-AFD0-4B90-AC6A-D3874F591014} (PUP.Datamngr) -> Quarantined and deleted successfully. Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
  11. Okay. This was the only log I got. OTL logfile created on: 11/30/2012 8:25:29 PM - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Becka\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 5.75 Gb Total Physical Memory | 4.47 Gb Available Physical Memory | 77.73% Memory free 11.50 Gb Paging File | 10.14 Gb Available in Paging File | 88.22% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 686.54 Gb Total Space | 571.73 Gb Free Space | 83.28% Space Free | Partition Type: NTFS Unable to calculate disk information. Computer Name: BECKA-PC | User Name: Becka | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Becka\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software) PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software) PRC - C:\Program Files\AVAST Software\Avast\afwServ.exe (AVAST Software) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.) PRC - C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.) PRC - C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software) PRC - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.) PRC - C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe (Acer Incorporated) PRC - C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe (Acer) ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software) SRV:64bit: - (avast! Firewall) -- C:\Program Files\AVAST Software\Avast\afwServ.exe (AVAST Software) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV:64bit: - (Updater Service) -- C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe (Acer) SRV:64bit: - (ForceWare Intelligent Application Manager (IAM) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe () SRV:64bit: - (nSvcIp) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe () SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (LeapFrog Connect Device Service) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (Greg_Service) -- C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe (Acer Incorporated) SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software) DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software) DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software) DRV:64bit: - (aswNdis2) -- C:\Windows\SysNative\drivers\aswNdis2.sys (AVAST Software) DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software) DRV:64bit: - (aswKbd) -- C:\Windows\SysNative\drivers\aswKbd.sys (AVAST Software) DRV:64bit: - (aswFW) -- C:\Windows\SysNative\drivers\aswFW.sys (AVAST Software) DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software) DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software) DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.) DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.) DRV:64bit: - (aswNdis) -- C:\Windows\SysNative\drivers\aswNdis.sys (ALWIL Software) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (NVNET) -- C:\Windows\SysNative\drivers\nvmf6264.sys (NVIDIA Corporation) DRV:64bit: - (LeapFrog-USBLAN) -- C:\Windows\SysNative\drivers\btblan.sys (Belcarra Technologies) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (WN111v2) -- C:\Windows\SysNative\drivers\WN111v2x.sys (Atheros Communications, Inc.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-142491608-2200593318-2864285238-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp IE - HKU\S-1-5-21-142491608-2200593318-2864285238-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US IE - HKU\S-1-5-21-142491608-2200593318-2864285238-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 78 FF F4 08 73 CF CD 01 [binary data] IE - HKU\S-1-5-21-142491608-2200593318-2864285238-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-142491608-2200593318-2864285238-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-142491608-2200593318-2864285238-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW_enUS368 IE - HKU\S-1-5-21-142491608-2200593318-2864285238-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "https://www.facebook.com/" FF - prefs.js..extensions.enabledAddons: wrc@avast.com:7.0.1474 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.2.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.2.1: C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\new_plugin\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/11/15 16:31:03 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/26 18:46:19 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/10/26 18:46:15 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/26 18:46:19 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/10/26 18:46:15 | 000,000,000 | ---D | M] [2012/11/14 22:46:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Becka\AppData\Roaming\Mozilla\Extensions [2012/11/20 21:21:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Becka\AppData\Roaming\Mozilla\Firefox\Profiles\zl67rjc3.default\extensions [2012/11/14 22:46:37 | 000,000,000 | ---D | M] (Search-Results Toolbar) -- C:\Users\Becka\AppData\Roaming\Mozilla\Firefox\Profiles\zl67rjc3.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f} [2012/11/29 17:49:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012/11/15 16:31:03 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF [2012/10/26 18:46:19 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011/08/11 09:16:27 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll [2011/03/18 10:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll [2011/03/18 10:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll [2012/08/29 18:32:24 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012/10/13 07:57:24 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml ========== Chrome ========== O1 HOSTS File: ([2012/11/20 18:48:45 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-142491608-2200593318-2864285238-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [Monitor] C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.) O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation) O4 - HKLM..\Run: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-142491608-2200593318-2864285238-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-142491608-2200593318-2864285238-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O16:64bit: - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 10.2.1) O16:64bit: - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02) O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class) O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab (UnoCtrl Class) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CB99BCE6-F373-4F23-8A44-448AE2F507A3}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\ms-help - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/11/30 20:15:08 | 000,000,000 | ---D | C] -- C:\_OTL [2012/11/30 16:18:41 | 000,000,000 | ---D | C] -- C:\Users\Becka\AppData\Local\{6B22F45F-D00E-4A7A-9957-5BAB6D90820A} [2012/11/30 14:37:55 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Becka\Desktop\OTL.exe [2012/11/29 19:08:07 | 000,000,000 | ---D | C] -- C:\Users\Becka\AppData\Local\{F2F401DA-0398-4609-A484-268D4F80A15C} [2012/11/20 19:15:00 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012/11/20 18:50:26 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012/11/20 15:09:25 | 005,004,421 | R--- | C] (Swearware) -- C:\Users\Becka\Desktop\ComboFix.exe [2012/11/20 14:22:31 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Becka\Desktop\aswMBR.exe [2012/11/17 15:30:20 | 000,000,000 | ---D | C] -- C:\Users\Becka\AppData\Local\{971CEF98-0AE2-4802-B668-19A88A97FB31} [2012/11/17 13:08:48 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2012/11/17 13:08:48 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2012/11/17 13:08:48 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2012/11/15 15:17:24 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys [2012/11/15 15:17:24 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll [2012/11/15 15:16:46 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll [2012/11/15 15:16:46 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe [2012/11/15 15:16:45 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll [2012/11/15 15:16:41 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys [2012/11/15 15:16:41 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys [2012/11/15 15:16:38 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll [2012/11/15 15:16:38 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll [2012/11/15 15:16:38 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll [2012/11/15 15:16:38 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll [2012/11/15 15:16:38 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll [2012/11/15 15:16:38 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll [2012/11/15 15:16:38 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll [2012/11/15 15:16:38 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll [2012/11/15 15:16:37 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll [2012/11/15 15:16:37 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe [2012/11/15 15:16:37 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe [2012/11/15 15:16:37 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe [2012/11/15 15:16:37 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll [2012/11/15 15:16:37 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll [2012/11/15 15:16:37 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll [2012/11/15 15:16:37 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe [2012/11/15 15:16:37 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll [2012/11/15 15:16:36 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll [2012/11/15 15:16:36 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll [2012/11/15 15:11:02 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012/11/15 15:11:01 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012/11/15 15:11:00 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012/11/15 15:11:00 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012/11/15 15:11:00 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012/11/15 15:11:00 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012/11/15 15:11:00 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012/11/15 15:11:00 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012/11/15 15:10:59 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012/11/15 15:10:59 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012/11/15 15:10:58 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012/11/15 15:10:58 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2012/11/15 15:10:56 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012/11/15 15:10:56 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012/11/15 15:10:56 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2012/11/15 15:09:06 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll [2012/11/15 15:09:04 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll [2012/11/15 15:09:04 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe [2012/11/15 15:09:04 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll [2012/11/15 15:07:42 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll [2012/11/15 15:07:42 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll [2012/11/15 08:56:00 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll [2012/11/15 08:56:00 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll [2012/11/15 08:56:00 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll [2012/11/15 08:55:55 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll [2012/11/15 08:55:55 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll [2012/11/15 08:55:36 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll [2012/11/15 08:55:36 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll [2012/11/15 08:55:36 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll [2012/11/15 08:55:35 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll [2012/11/15 08:55:34 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll [2012/11/15 08:55:34 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll [2012/11/12 16:24:57 | 000,000,000 | ---D | C] -- C:\Users\Becka\AppData\Local\{AA3E3771-FEE0-4AF5-8B23-BF49E94AE33C} [2012/11/11 19:21:40 | 000,000,000 | ---D | C] -- C:\Users\Becka\AppData\Local\{1F5F657C-3C9F-41C0-9424-BE2915B514F1} [2012/11/10 17:35:56 | 000,000,000 | ---D | C] -- C:\Users\Becka\AppData\Local\{C34AA23B-12F7-4723-AEE4-368352342FDC} [2012/11/08 15:44:49 | 000,000,000 | ---D | C] -- C:\Users\Becka\AppData\Local\{7EDD5EC3-593E-4130-B76C-058895A4DC83} [2012/11/07 16:05:38 | 000,000,000 | ---D | C] -- C:\Users\Becka\AppData\Local\{BCD6057E-D299-44DC-88BE-F591A2558D5F} [2012/11/01 17:52:51 | 000,000,000 | ---D | C] -- C:\Users\Becka\AppData\Local\{77403B00-B14C-483C-A446-A685860CF598} ========== Files - Modified Within 30 Days ========== [2012/11/30 20:24:32 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/11/30 20:24:32 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/11/30 20:21:35 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/11/30 20:21:35 | 000,624,162 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/11/30 20:21:35 | 000,106,538 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/11/30 20:17:33 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/11/30 20:17:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/11/30 20:17:05 | 335,044,607 | -HS- | M] () -- C:\hiberfil.sys [2012/11/30 20:07:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/11/30 20:04:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/11/30 14:37:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Becka\Desktop\OTL.exe [2012/11/30 13:33:05 | 000,681,984 | ---- | M] () -- C:\Users\Becka\Desktop\CKScanner.exe [2012/11/21 17:09:25 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt [2012/11/20 18:48:45 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012/11/20 15:09:49 | 005,004,421 | R--- | M] (Swearware) -- C:\Users\Becka\Desktop\ComboFix.exe [2012/11/20 14:43:15 | 000,543,531 | ---- | M] () -- C:\Users\Becka\Desktop\AdwCleaner.exe [2012/11/20 14:22:56 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Becka\Desktop\aswMBR.exe [2012/11/15 15:51:31 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012/11/15 15:51:31 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012/11/15 15:25:22 | 000,405,416 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012/11/13 13:32:48 | 545,582,378 | ---- | M] () -- C:\Windows\MEMORY.DMP ========== Files Created - No Company Name ========== [2012/11/30 13:33:03 | 000,681,984 | ---- | C] () -- C:\Users\Becka\Desktop\CKScanner.exe [2012/11/20 14:43:10 | 000,543,531 | ---- | C] () -- C:\Users\Becka\Desktop\AdwCleaner.exe [2012/11/15 15:17:27 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012/11/15 15:09:04 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012/02/07 18:48:47 | 000,003,584 | ---- | C] () -- C:\Users\Becka\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/01/18 06:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll [2012/01/18 06:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll [2012/01/18 06:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe [2012/01/12 23:08:14 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012/01/06 13:43:11 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012/01/06 13:43:11 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012/01/06 13:43:11 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012/01/06 13:43:11 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2011/11/22 23:52:12 | 000,000,016 | ---- | C] () -- C:\Windows\popcinfo.dat [2010/03/29 14:28:31 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010/03/27 01:18:08 | 000,000,000 | ---- | C] () -- C:\Users\Becka\AppData\Roaming\wklnhst.dat ========== ZeroAccess Check ========== [2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 21:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 20:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report >
  12. Okay, so OTL, "Run Scan", with "All Users", "Minimal Output" and LOP on Purity unchecked. Correct? (Lol, sorry, I like to be sure..)
  13. Err, wait, you wanted me to run another OTL scan? (OTL same as before except without LOP and Purity unchecked?) Or MBAM?
  14. No worries, lol. I thought I read it in there somewhere too. Here's OTL's log that popped up after rebooting. I'll also scan with MBAM. All processes killed ========== SERVICES/DRIVERS ========== ========== OTL ========== 64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1ED9DA0-AFD0-4b90-AC6A-D3874F591014}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C1ED9DA0-AFD0-4b90-AC6A-D3874F591014}\ deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Becka ->Temp folder emptied: 615009 bytes ->Temporary Internet Files folder emptied: 56058020 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 158727583 bytes ->Opera cache emptied: 17340040 bytes ->Flash cache emptied: 3342 bytes User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Public ->Temp folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 129728 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 16160 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67496 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 222.00 mb OTL by OldTimer - Version 3.2.69.0 log created on 11302012_201508 Files\Folders moved on Reboot... C:\Users\Becka\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot. PendingFileRenameOperations files... Registry entries deleted on Reboot...
  15. I saw that name in there and thought it to be weird.. Cause I don't have Google Chrome installed nor do I use (Or have ever.) I only use firefox. ): I've tried finding it on my computer and see it no where.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.