Jump to content

cjinca

Members
  • Posts

    16
  • Joined

  • Last visited

Reputation

0 Neutral
  1. MrCharlie - THANK YOU for helping me clean up PUP virus. Your quick responses and instructions made it very easy. Tip in the jar :)

  2. Very good, Charlie. I believe all is well. I had a few hiccups with browsers not loading and not being able to delete RK. Message said it was already running. So I logged off and back on, was able to delete RK and browsers seem good now. Thanks again and Happy Thanksgiving to you and yours! Carol
  3. questions regarding removing programs and logs. they were all still in folder after running OTC. ADW had uninstall option but I'm not finding an uninstall option in RK or FRST. Is sending to trash going to remove them?
  4. disregard my above comment - confused on my part. I'll install the recommendations when we're through with scans. Thanks!
  5. I think I pay have copy/pasted before it was completed. do again?
  6. Results of screen317's Security Check version 0.99.77 Windows XP Service Pack 3 x86 Internet Explorer 7 Out of date! ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Please wait while WMIC compiles updated MOF files.d i s p l a y N a m e ECHO is off. A v i r a ECHO is off. D e s k t o p ECHO is off. Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` MVPS Hosts File SUPERAntiSpyware Secunia PSI (2.0.0.4003) Malwarebytes Anti-Malware version 1.75.0.1300 Adobe Flash Player 11.9.900.152 Adobe Reader XI Mozilla Firefox (25.0.1) Google Chrome 31.0.1650.48 Google Chrome 31.0.1650.57 ````````Process Check: objlist.exe by Laurent```````` Avira Antivir avgnt.exe Avira Antivir avguard.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C:: 7% ````````````````````End of Log``````````````````````
  7. OK. I'll run SC now. I don't know a lot about how tech/www works; I know tracking is common and not always indicative of malicious behavior, but... ads still seem to specific to my recent searches. Maybe just paranoid now but wanted to mention it.
  8. Great! Again, much thanks MrCharlie. Do you recommend Adblock or Adblock Plus? I used to use AdBlock and not sure when/why I let it go. when this latest virus hit, I noticed all the ads and was going to install adblock again but read a large percentage of recent reviews citing problematic changes in newer versions. Paypal donation in a sec. Thanks again for your help! Carol
  9. Additional scan result of Farbar Recovery Scan Tool (x86) Version: 25-11-2013 01 Ran by Carol at 2013-11-26 17:25:27 Running from C:\Documents and Settings\Carol\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Avira Desktop (Disabled - Up to date) {AD166499-45F9-482A-A743-FDD3350758C7} ==================== Installed Programs ====================== Adobe Flash Player 11 Plugin (Version: 11.9.900.152) Adobe Reader XI (11.0.05) (Version: 11.0.05) Amazon MP3 Downloader 1.0.15 (Version: 1.0.15) Apple Application Support (Version: 2.1.5) Apple Software Update (Version: 2.1.3.127) Avira Free Antivirus (Version: 14.0.1.749) Broadcom 440x 10/100 Integrated Controller (Version: 8.03.09) CleanUp! Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000) Does It Belong Dropbox (HKCU Version: 2.0.22) DW WLAN Card Utility (Version: 5.60.18.9) Evernote v. 5.0.3 (Version: 5.0.3.1614) Foxit Reader (Version: 6.0.3.524) Garmin Express (Version: 2.1.5) GmailDefaultMaker version 3.0.1.0 (Version: 3.0.1.0) Google Chrome (Version: 31.0.1650.57) Google Update Helper (Version: 1.3.21.165) High Definition Audio Driver Package - KB888111 (Version: 20040219.000000) Intel® Graphics Media Accelerator Driver LiveUpdate 3.1 (Symantec Corporation) (Version: 3.1.0.99) Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300) Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1) Microsoft Internationalized Domain Names Mitigation APIs Microsoft National Language Support Downlevel APIs Microsoft Office Excel Viewer (Version: 12.0.6612.1000) Microsoft Office File Validation Add-In (Version: 14.0.5130.5003) Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0) Microsoft Office Word Viewer 2003 (Version: 11.0.8173.0) Microsoft Silverlight (Version: 5.1.20913.0) Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219) Mozilla Firefox 25.0.1 (x86 en-US) (Version: 25.0.1) Mozilla Maintenance Service (Version: 25.0.1) MSXML 4.0 SP3 Parser (Version: 4.30.2100.0) QuickTime (Version: 7.71.80.42) Secunia PSI (2.0.0.4003) (Version: 2.0.0.4003) SigmaTel Audio (Version: 5.10.5210.0) SUPERAntiSpyware (Version: 5.6.1020) Update for Windows XP (KB2345886) (Version: 1) Update for Windows XP (KB2541763) (Version: 1) Update for Windows XP (KB2607712) (Version: 1) Update for Windows XP (KB2616676) (Version: 1) Update for Windows XP (KB2641690) (Version: 1) Update for Windows XP (KB2718704) (Version: 1) Update for Windows XP (KB2736233) (Version: 1) Update for Windows XP (KB951978) (Version: 1) Update for Windows XP (KB955759) (Version: 1) Update for Windows XP (KB967715) (Version: 1) Update for Windows XP (KB968389) (Version: 1) Update for Windows XP (KB971029) (Version: 1) Update for Windows XP (KB971737) (Version: 1) Update for Windows XP (KB973687) (Version: 1) Update for Windows XP (KB973815) (Version: 1) VLC media player 2.1.1 (Version: 2.1.1) WebFldrs XP (Version: 9.50.7523) Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0) Windows Internet Explorer 7 (Version: 20070813.185237) Windows Media Format 11 runtime Windows Media Player 11 Windows XP Service Pack 3 (Version: 20080414.031525) Yahoo! Messenger Yahoo! Software Update ==================== Restore Points ========================= 06-09-2013 16:20:29 System Checkpoint 07-09-2013 16:20:50 System Checkpoint 08-09-2013 18:17:27 System Checkpoint 09-09-2013 20:14:42 System Checkpoint 10-09-2013 20:56:26 System Checkpoint 11-09-2013 22:43:16 System Checkpoint 12-09-2013 22:58:17 System Checkpoint 14-09-2013 09:29:52 System Checkpoint 15-09-2013 09:36:39 System Checkpoint 16-09-2013 10:36:42 System Checkpoint 17-09-2013 11:40:07 System Checkpoint 18-09-2013 23:33:38 System Checkpoint 20-09-2013 00:25:08 System Checkpoint 21-09-2013 02:10:36 System Checkpoint 22-09-2013 17:53:22 System Checkpoint 23-09-2013 20:03:04 System Checkpoint 24-09-2013 20:17:10 System Checkpoint 25-09-2013 21:05:42 System Checkpoint 26-09-2013 22:02:31 System Checkpoint 27-09-2013 22:16:52 System Checkpoint 28-09-2013 23:02:32 System Checkpoint 30-09-2013 00:02:46 System Checkpoint 01-10-2013 01:16:17 System Checkpoint 02-10-2013 01:20:44 System Checkpoint 03-10-2013 02:20:52 System Checkpoint 04-10-2013 02:24:52 System Checkpoint 05-10-2013 05:16:52 System Checkpoint 06-10-2013 09:16:54 System Checkpoint 07-10-2013 14:10:21 Removed Evernote v. 4.6.7 07-10-2013 14:13:14 Installed Evernote v. 5.0.2 08-10-2013 16:03:57 System Checkpoint 09-10-2013 16:23:34 System Checkpoint 10-10-2013 16:56:09 System Checkpoint 11-10-2013 19:58:30 System Checkpoint 12-10-2013 20:40:56 System Checkpoint 14-10-2013 14:57:51 System Checkpoint 15-10-2013 17:39:39 Software Distribution Service 3.0 16-10-2013 17:53:53 System Checkpoint 17-10-2013 17:57:15 System Checkpoint 17-10-2013 21:43:47 Installed Java 7 Update 45 18-10-2013 21:51:42 System Checkpoint 19-10-2013 22:37:16 System Checkpoint 20-10-2013 22:54:56 System Checkpoint 22-10-2013 01:07:54 System Checkpoint 23-10-2013 01:11:51 System Checkpoint 24-10-2013 02:10:41 System Checkpoint 25-10-2013 02:59:29 System Checkpoint 25-10-2013 15:01:55 Removed Evernote v. 5.0.2 25-10-2013 15:03:07 Installed Evernote v. 5.0.3 26-10-2013 15:04:43 System Checkpoint 27-10-2013 15:37:04 System Checkpoint 28-10-2013 16:25:21 System Checkpoint 29-10-2013 18:26:22 System Checkpoint 30-10-2013 19:45:42 System Checkpoint 31-10-2013 20:24:17 System Checkpoint 01-11-2013 20:55:00 System Checkpoint 02-11-2013 23:24:04 System Checkpoint 03-11-2013 23:59:29 System Checkpoint 05-11-2013 00:11:29 System Checkpoint 06-11-2013 03:46:01 System Checkpoint 07-11-2013 04:45:26 System Checkpoint 08-11-2013 05:45:18 System Checkpoint 09-11-2013 18:20:19 System Checkpoint 10-11-2013 19:01:52 System Checkpoint 11-11-2013 19:58:30 System Checkpoint 12-11-2013 20:47:48 System Checkpoint 13-11-2013 21:30:59 System Checkpoint 14-11-2013 16:59:48 Installed MSXML 4.0 SP3 Parser 15-11-2013 17:50:04 System Checkpoint 16-11-2013 22:06:14 System Checkpoint 17-11-2013 23:12:35 System Checkpoint 19-11-2013 04:10:43 System Checkpoint 20-11-2013 10:21:52 System Checkpoint 22-11-2013 07:50:12 System Checkpoint 23-11-2013 10:18:44 System Checkpoint 24-11-2013 11:10:24 System Checkpoint 24-11-2013 21:15:56 Installed QuickTime 25-11-2013 22:34:00 System Checkpoint 26-11-2013 23:42:48 System Checkpoint ==================== Hosts content: ========================== 2004-08-03 17:07 - 2013-01-14 08:54 - 00445005 ____N C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 localhost 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 127.0.0.1 www.0scan.com 127.0.0.1 0scan.com 127.0.0.1 www.1000gratisproben.com 127.0.0.1 1000gratisproben.com 127.0.0.1 1001namen.com 127.0.0.1 www.1001namen.com 127.0.0.1 100888290cs.com 127.0.0.1 www.100888290cs.com 127.0.0.1 www.100sexlinks.com 127.0.0.1 100sexlinks.com 127.0.0.1 www.10sek.com 127.0.0.1 10sek.com 127.0.0.1 www.1-2005-search.com 127.0.0.1 1-2005-search.com 127.0.0.1 www.123fporn.info 127.0.0.1 123fporn.info 127.0.0.1 123haustiereundmehr.com 127.0.0.1 www.123haustiereundmehr.com There are 1000 more lines. ==================== Scheduled Tasks (whitelisted) ============= Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 7304a6ca-1881-4040-959d-869b230b9195.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task df513495-11cc-466f-bdc6-d296469001be.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe ==================== Loaded Modules (whitelisted) ============= 2011-04-18 21:38 - 2009-10-07 14:01 - 00757760 _____ () C:\WINDOWS\System32\bcm1xsup.dll 2013-08-09 07:37 - 2013-08-08 12:02 - 00394824 _____ () C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll 2011-04-18 21:38 - 2009-10-07 14:01 - 00143360 _____ () C:\WINDOWS\system32\preflib.dll 2013-09-26 12:50 - 2013-09-26 12:50 - 00433664 _____ () C:\Program Files\Evernote\Evernote\libxml2.dll 2013-09-26 12:49 - 2013-09-26 12:49 - 00315392 _____ () C:\Program Files\Evernote\Evernote\libtidy.dll 2012-06-16 07:25 - 2012-05-25 03:25 - 00921600 _____ () C:\Program Files\Yahoo!\Messenger\yui.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== Faulty Device Manager Devices ============= Name: USB Root Hub Description: USB Root Hub Class Guid: {36FC9E60-C465-11CF-8056-444553540000} Manufacturer: (Standard USB Host Controller) Service: usbhub Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39) Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded. Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver. Name: USB Root Hub Description: USB Root Hub Class Guid: {36FC9E60-C465-11CF-8056-444553540000} Manufacturer: (Standard USB Host Controller) Service: usbhub Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39) Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded. Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver. Name: USB Root Hub Description: USB Root Hub Class Guid: {36FC9E60-C465-11CF-8056-444553540000} Manufacturer: (Standard USB Host Controller) Service: usbhub Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39) Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded. Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver. Name: USB Root Hub Description: USB Root Hub Class Guid: {36FC9E60-C465-11CF-8056-444553540000} Manufacturer: (Standard USB Host Controller) Service: usbhub Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39) Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded. Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver. Name: USB Root Hub Description: USB Root Hub Class Guid: {36FC9E60-C465-11CF-8056-444553540000} Manufacturer: (Standard USB Host Controller) Service: usbhub Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39) Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded. Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver. ==================== Event log errors: ========================= Application errors: ================== Error: (11/19/2013 08:04:19 PM) (Source: Application Hang) (User: ) Description: Hanging application AcroRd32.exe, version 11.0.4.63, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error: (11/19/2013 08:03:01 PM) (Source: Application Hang) (User: ) Description: Hanging application WINWORD.EXE, version 11.0.8350.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error: (11/19/2013 08:42:00 AM) (Source: Application Error) (User: ) Description: Faulting application 8029_0.exe, version 1.0.0.1, faulting module quicktimeinternetextras.qtx, version 4.1.1.28, fault address 0x00078a0a. Processing media-specific event for [8029_0.exe!ws!] Error: (11/18/2013 08:18:09 AM) (Source: Application Hang) (User: ) Description: Hanging application firefox.exe, version 25.0.0.5046, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error: (11/17/2013 06:53:13 PM) (Source: Application Hang) (User: ) Description: Hanging application AcroRd32.exe, version 11.0.4.63, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error: (11/17/2013 06:46:27 PM) (Source: Application Hang) (User: ) Description: Hanging application AcroRd32.exe, version 11.0.4.63, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error: (11/17/2013 06:43:15 PM) (Source: Application Hang) (User: ) Description: Hanging application AcroRd32.exe, version 11.0.4.63, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error: (11/17/2013 06:43:15 PM) (Source: Application Hang) (User: ) Description: Hanging application AcroRd32.exe, version 11.0.4.63, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error: (11/17/2013 05:55:28 PM) (Source: Application Hang) (User: ) Description: Fault bucket -376624149. Error: (11/17/2013 05:54:39 PM) (Source: Application Hang) (User: ) Description: Hanging application Evernote.exe, version 5.0.3.1614, hang module hungapp, version 0.0.0.0, hang address 0x00000000. System errors: ============= Error: (11/26/2013 03:08:37 PM) (Source: 0) (User: ) Description: \Device\Harddisk0\D Error: (11/26/2013 03:08:32 PM) (Source: 0) (User: ) Description: \Device\Harddisk0\D Error: (11/26/2013 03:08:28 PM) (Source: 0) (User: ) Description: \Device\Harddisk0\D Error: (11/26/2013 03:08:24 PM) (Source: 0) (User: ) Description: \Device\Harddisk0\D Error: (11/26/2013 03:08:24 PM) (Source: 0) (User: ) Description: \Device\Harddisk0\D Error: (11/26/2013 03:08:24 PM) (Source: 0) (User: ) Description: \Device\Harddisk0\D Error: (11/26/2013 03:08:24 PM) (Source: 0) (User: ) Description: \Device\Harddisk0\D Error: (11/26/2013 03:08:07 PM) (Source: 0) (User: ) Description: \Device\Harddisk0\D Error: (11/26/2013 03:08:03 PM) (Source: 0) (User: ) Description: \Device\Harddisk0\D Error: (11/26/2013 03:07:59 PM) (Source: 0) (User: ) Description: \Device\Harddisk0\D Microsoft Office Sessions: ========================= Error: (11/19/2013 08:04:19 PM) (Source: Application Hang)(User: ) Description: AcroRd32.exe11.0.4.63hungapp0.0.0.000000000 Error: (11/19/2013 08:03:01 PM) (Source: Application Hang)(User: ) Description: WINWORD.EXE11.0.8350.0hungapp0.0.0.000000000 Error: (11/19/2013 08:42:00 AM) (Source: Application Error)(User: ) Description: 8029_0.exe1.0.0.1quicktimeinternetextras.qtx4.1.1.2800078a0a Error: (11/18/2013 08:18:09 AM) (Source: Application Hang)(User: ) Description: firefox.exe25.0.0.5046hungapp0.0.0.000000000 Error: (11/17/2013 06:53:13 PM) (Source: Application Hang)(User: ) Description: AcroRd32.exe11.0.4.63hungapp0.0.0.000000000 Error: (11/17/2013 06:46:27 PM) (Source: Application Hang)(User: ) Description: AcroRd32.exe11.0.4.63hungapp0.0.0.000000000 Error: (11/17/2013 06:43:15 PM) (Source: Application Hang)(User: ) Description: AcroRd32.exe11.0.4.63hungapp0.0.0.000000000 Error: (11/17/2013 06:43:15 PM) (Source: Application Hang)(User: ) Description: AcroRd32.exe11.0.4.63hungapp0.0.0.000000000 Error: (11/17/2013 05:55:28 PM) (Source: Application Hang)(User: ) Description: -376624149 Error: (11/17/2013 05:54:39 PM) (Source: Application Hang)(User: ) Description: Evernote.exe5.0.3.1614hungapp0.0.0.000000000 ==================== Memory info =========================== Percentage of memory in use: 35% Total physical RAM: 1014.37 MB Available physical RAM: 655.43 MB Total Pagefile: 2441.8 MB Available Pagefile: 1739.62 MB Total Virtual: 2047.88 MB Available Virtual: 1963.08 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:74.53 GB) (Free:47.74 GB) NTFS ==>[Drive with boot components (Windows XP)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows XP) (Size: 75 GB) (Disk ID: 06610660) Partition 1: (Active) - (Size=75 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 25-11-2013 01 Ran by Carol (administrator) on CAROL-C6985B789 on 26-11-2013 17:22:46 Running from C:\Documents and Settings\Carol\Desktop Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US) Internet Explorer Version 7 Boot Mode: Normal ==================== Processes (Whitelisted) =================== () C:\WINDOWS\system32\WLTRYSVC.EXE (Dell Inc.) C:\WINDOWS\system32\BCMWLTRY.EXE (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Secunia) C:\Program Files\Secunia\PSI\psia.exe (Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe (Secunia) C:\Program Files\Secunia\PSI\sua.exe (Intel Corporation) C:\WINDOWS\system32\hkcmd.exe (Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe (Intel Corporation) C:\WINDOWS\system32\igfxpers.exe (SigmaTel, Inc.) C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (Dell Inc.) C:\WINDOWS\system32\WLTRAY.EXE (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Yahoo! Inc.) C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [bluetoothAuthenticationAgent] - rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent HKLM\...\Run: [HotKeysCmds] - C:\WINDOWS\system32\hkcmd.exe [ ] () HKLM\...\Run: [sigmatelSysTrayApp] - C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe [405504 2007-05-10] (SigmaTel, Inc.) HKLM\...\Run: [broadcom Wireless Manager UI] - C:\WINDOWS\system32\WLTRAY.EXE [2498560 2009-10-07] (Dell Inc.) HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated) HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [683576 2013-11-19] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-27] (Apple Inc.) HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.) HKCU\...\Run: [Messenger (Yahoo!)] - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.) HKCU\...\Run: [spybotSD TeaTimer] - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe HKCU\...\Run: [sUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE [5717272 2013-11-07] (SUPERAntiSpyware) Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia) Startup: C:\Documents and Settings\Carol\Start Menu\Programs\Startup\EvernoteClipper.lnk ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo.com/search?fr=mcafee&p={searchTerms} BHO: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab ShellExecuteHooks: URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\system32\shell32.dll [8462848 2012-06-08] (Microsoft Corporation) ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62 FireFox: ======== FF ProfilePath: C:\Documents and Settings\Carol\Application Data\Mozilla\Firefox\Profiles\mr3d5y6u.default FF SelectedSearchEngine: Google FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_152.dll () FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.) FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml FF Extension: FireShot - C:\Documents and Settings\Carol\Application Data\Mozilla\Firefox\Profiles\mr3d5y6u.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} FF Extension: Garmin Communicator - C:\Documents and Settings\Carol\Application Data\Mozilla\Firefox\Profiles\mr3d5y6u.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} FF Extension: WOT - C:\Documents and Settings\Carol\Application Data\Mozilla\Firefox\Profiles\mr3d5y6u.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} FF Extension: Adblock Plus - C:\Documents and Settings\Carol\Application Data\Mozilla\Firefox\Profiles\mr3d5y6u.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi Chrome: ======= CHR HomePage: https://mail.google.com/mail/u/0/#inbox CHR RestoreOnStartup: "https://mail.google.com/mail/u/0/?shva=1#inbox", "hxxp://www.google.com" CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\31.0.1650.57\pdf.dll () CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation) CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.)) CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation) CHR Plugin: (Foxit Reader Plugin for Mozilla) - C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (AmazonMP3DownloaderPlugin) - C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.) CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.) CHR Plugin: (Java Deployment Toolkit 7.0.450.18) - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll No File CHR Plugin: (Java Platform SE 7 U45) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll No File CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll No File CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) CHR Extension: (Google Drive) - C:\DOCUME~1\Carol\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0 CHR Extension: (WOT) - C:\DOCUME~1\Carol\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\2.3.1_0 CHR Extension: (YouTube) - C:\DOCUME~1\Carol\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0 CHR Extension: (Google Search) - C:\DOCUME~1\Carol\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0 CHR Extension: (Google Wallet) - C:\DOCUME~1\Carol\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0 CHR Extension: (Gmail) - C:\DOCUME~1\Carol\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0 ========================== Services (Whitelisted) ================= R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [119056 2013-05-23] (SUPERAntiSpyware.com) R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440376 2013-11-19] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-19] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1164360 2013-11-19] (Avira Operations GmbH & Co. KG) S3 LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE [2528960 2006-09-02] (Symantec Corporation) R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [994360 2011-10-13] (Secunia) R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [399416 2011-10-13] (Secunia) R2 wltrysvc; C:\Windows\System32\bcmwltry.exe [2232320 2009-10-07] (Dell Inc.) ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-11-19] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [137208 2013-11-19] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-19] (Avira Operations GmbH & Co. KG) R3 BCM43XX; C:\Windows\System32\DRIVERS\bcmwl5.sys [2649216 2009-10-07] (Broadcom Corporation) R3 PSI; C:\Windows\System32\DRIVERS\psi_mf.sys [15544 2010-09-01] (Secunia) R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-08-08] (Avira GmbH) R3 STHDA; C:\Windows\System32\drivers\sthda.sys [1222840 2007-05-10] (SigmaTel, Inc.) S4 IntelIde; No ImagePath U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation) S3 UIUSys; system32\DRIVERS\UIUSYS.SYS [x] S3 usbhub; system32\DRIVERS\usbhub.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-11-26 17:22 - 2013-11-26 17:24 - 00012764 _____ C:\Documents and Settings\Carol\Desktop\FRST.txt 2013-11-26 17:18 - 2013-11-26 17:18 - 00000000 ____D C:\FRST 2013-11-26 17:16 - 2013-11-26 17:16 - 01091605 _____ (Farbar) C:\Documents and Settings\Carol\Desktop\FRST.exe 2013-11-26 14:36 - 2013-11-26 14:36 - 00008704 _____ C:\Documents and Settings\Carol\Desktop\AdwCleaner[R0].txt 2013-11-26 09:32 - 2013-11-26 14:44 - 00000000 ____D C:\AdwCleaner 2013-11-26 09:31 - 2013-11-26 09:31 - 01091882 _____ C:\Documents and Settings\Carol\Desktop\AdwCleaner.exe 2013-11-25 21:22 - 2013-11-25 21:22 - 00003639 _____ C:\Documents and Settings\Carol\Desktop\RKreport[0]_S_11252013_212204.txt 2013-11-25 21:19 - 2013-11-25 21:24 - 00000000 ____D C:\Documents and Settings\Carol\Desktop\RK_Quarantine 2013-11-25 21:18 - 2013-11-25 21:18 - 03687936 _____ C:\Documents and Settings\Carol\Desktop\RogueKiller.exe 2013-11-25 21:00 - 2013-11-25 21:02 - 00011713 _____ C:\Documents and Settings\Carol\Desktop\dds.txt 2013-11-25 21:00 - 2013-11-25 21:00 - 00018527 _____ C:\Documents and Settings\Carol\Desktop\attach.txt 2013-11-25 11:58 - 2013-11-25 11:58 - 00000000 ____D C:\Documents and Settings\Carol\Application Data\Malwarebytes 2013-11-25 11:57 - 2013-11-25 11:58 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-11-25 11:57 - 2013-11-25 11:57 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes 2013-11-25 11:57 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2013-11-24 19:34 - 2013-11-25 08:02 - 00000000 ____D C:\Documents and Settings\Carol\Application Data\Apple Computer 2013-11-24 13:17 - 2013-11-24 13:17 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime 2013-11-24 13:16 - 2013-11-24 13:16 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Apple Computer 2013-11-24 13:12 - 2013-11-24 13:12 - 00000000 ____D C:\Program Files\Common Files\Apple 2013-11-24 13:11 - 2013-11-24 13:11 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job 2013-11-24 13:11 - 2013-11-24 13:11 - 00000000 ____D C:\Documents and Settings\Carol\Local Settings\Application Data\Apple 2013-11-24 13:10 - 2013-11-24 13:10 - 00001830 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk 2013-11-24 13:10 - 2013-11-24 13:10 - 00000000 ____D C:\Program Files\Apple Software Update 2013-11-24 13:10 - 2013-11-24 13:10 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Apple 2013-11-24 13:05 - 2013-11-24 13:05 - 00000000 ____D C:\Documents and Settings\Carol\Local Settings\Application Data\Apple Computer 2013-11-23 09:31 - 2013-11-23 09:31 - 00000000 ____D C:\Program Files\GmailDefaultMaker 2013-11-22 15:37 - 2013-11-22 15:37 - 00000000 ____D C:\Documents and Settings\Carol\My Documents\2013 01 JAN 2013-11-20 10:41 - 2013-11-20 10:41 - 00003892 _____ C:\Documents and Settings\Carol\My Documents\files that couldn't be defragged maybe helpful later.txt 2013-11-18 16:24 - 1999-12-17 09:13 - 00086016 _____ (MindVision Software) C:\WINDOWS\unvise32.exe 2013-11-18 16:23 - 2013-11-19 12:04 - 00050452 _____ C:\WINDOWS\system32\QuickTime.qtp 2013-11-18 16:22 - 2013-11-24 13:18 - 00000000 ____D C:\Program Files\QuickTime 2013-11-18 16:20 - 2013-11-18 16:24 - 00000000 ____D C:\Program Files\DOES IT BELONG ELI 2013-11-18 16:20 - 2013-11-18 16:24 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Does It Belong 2013-11-18 08:51 - 2013-11-19 07:29 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-11-17 18:30 - 2013-11-17 18:31 - 00000000 ____D C:\Documents and Settings\Carol\Desktop\BETH MONEY 2013-11-17 17:47 - 2013-11-17 17:47 - 00090112 _____ C:\WINDOWS\Minidump\Mini111713-03.dmp 2013-11-17 15:27 - 2013-11-17 15:27 - 104760117 _____ C:\WINDOWS\system32\刲咜6 2013-11-17 14:28 - 2013-11-17 14:28 - 00090112 _____ C:\WINDOWS\Minidump\Mini111713-02.dmp 2013-11-17 09:34 - 2013-11-17 09:34 - 00090112 _____ C:\WINDOWS\Minidump\Mini111713-01.dmp 2013-11-17 09:28 - 2013-11-17 09:28 - 104695876 _____ C:\WINDOWS\system32\咜6 2013-11-16 14:02 - 2013-11-16 14:02 - 104637397 _____ C:\WINDOWS\system32\렫咜6 2013-11-14 10:25 - 2013-11-26 16:51 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2013-11-14 08:59 - 2013-11-14 10:49 - 00000000 ____D C:\Program Files\MSXML 4.0 2013-11-14 07:08 - 2013-11-14 07:08 - 104225154 _____ C:\WINDOWS\system32\籹Ꙥ咜6 2013-11-12 08:20 - 2013-11-12 08:20 - 103912569 _____ C:\WINDOWS\system32\搁찊咜6 2013-11-11 07:29 - 2013-11-11 07:29 - 103716811 _____ C:\WINDOWS\system32\逎咜6 2013-11-09 08:44 - 2013-11-10 21:15 - 103661301 _____ C:\WINDOWS\system32\ḫ盱咜6 2013-11-08 20:31 - 2013-11-08 20:31 - 103347145 _____ C:\WINDOWS\system32\졣咜6 2013-11-08 08:14 - 2013-11-14 09:35 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN 2013-11-06 02:04 - 2013-11-06 02:04 - 105172122 _____ C:\WINDOWS\system32\ꡀ챠咜6 2013-11-02 07:28 - 2013-11-02 07:28 - 00000000 ____D C:\Documents and Settings\Carol\Desktop\Unused Desktop Shortcuts 2013-10-31 15:39 - 2013-10-31 15:39 - 104470377 _____ C:\WINDOWS\system32\濹ꖸ咜6 ==================== One Month Modified Files and Folders ======= 2013-11-26 17:24 - 2013-11-26 17:22 - 00012764 _____ C:\Documents and Settings\Carol\Desktop\FRST.txt 2013-11-26 17:18 - 2013-11-26 17:18 - 00000000 ____D C:\FRST 2013-11-26 17:16 - 2013-11-26 17:16 - 01091605 _____ (Farbar) C:\Documents and Settings\Carol\Desktop\FRST.exe 2013-11-26 16:51 - 2013-11-14 10:25 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2013-11-26 16:39 - 2012-11-30 20:02 - 00000884 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2013-11-26 15:29 - 2013-06-04 06:29 - 00000510 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 7304a6ca-1881-4040-959d-869b230b9195.job 2013-11-26 15:28 - 2011-04-18 12:49 - 00361570 ____C C:\WINDOWS\system32\PerfStringBackup.INI 2013-11-26 15:26 - 2011-04-18 20:05 - 01456889 _____ C:\WINDOWS\WindowsUpdate.log 2013-11-26 15:21 - 2011-04-18 20:12 - 00000278 ___SH C:\Documents and Settings\Carol\ntuser.ini 2013-11-26 15:21 - 2011-04-18 20:12 - 00000000 ____D C:\Documents and Settings\Carol 2013-11-26 15:21 - 2011-04-18 20:11 - 00032492 _____ C:\WINDOWS\SchedLgU.Txt 2013-11-26 15:21 - 2011-04-18 20:11 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2013-11-26 14:44 - 2013-11-26 09:32 - 00000000 ____D C:\AdwCleaner 2013-11-26 14:36 - 2013-11-26 14:36 - 00008704 _____ C:\Documents and Settings\Carol\Desktop\AdwCleaner[R0].txt 2013-11-26 12:39 - 2012-11-30 20:02 - 00000880 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2013-11-26 09:31 - 2013-11-26 09:31 - 01091882 _____ C:\Documents and Settings\Carol\Desktop\AdwCleaner.exe 2013-11-25 21:24 - 2013-11-25 21:19 - 00000000 ____D C:\Documents and Settings\Carol\Desktop\RK_Quarantine 2013-11-25 21:22 - 2013-11-25 21:22 - 00003639 _____ C:\Documents and Settings\Carol\Desktop\RKreport[0]_S_11252013_212204.txt 2013-11-25 21:18 - 2013-11-25 21:18 - 03687936 _____ C:\Documents and Settings\Carol\Desktop\RogueKiller.exe 2013-11-25 21:02 - 2013-11-25 21:00 - 00011713 _____ C:\Documents and Settings\Carol\Desktop\dds.txt 2013-11-25 21:00 - 2013-11-25 21:00 - 00018527 _____ C:\Documents and Settings\Carol\Desktop\attach.txt 2013-11-25 19:58 - 2004-08-03 17:07 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl 2013-11-25 11:58 - 2013-11-25 11:58 - 00000000 ____D C:\Documents and Settings\Carol\Application Data\Malwarebytes 2013-11-25 11:58 - 2013-11-25 11:57 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-11-25 11:57 - 2013-11-25 11:57 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes 2013-11-25 08:02 - 2013-11-24 19:34 - 00000000 ____D C:\Documents and Settings\Carol\Application Data\Apple Computer 2013-11-25 02:00 - 2013-06-04 06:29 - 00000510 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task df513495-11cc-466f-bdc6-d296469001be.job 2013-11-24 19:13 - 2012-11-08 20:45 - 00000000 ____D C:\Documents and Settings\Carol\Application Data\Dropbox 2013-11-24 13:18 - 2013-11-18 16:22 - 00000000 ____D C:\Program Files\QuickTime 2013-11-24 13:17 - 2013-11-24 13:17 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime 2013-11-24 13:16 - 2013-11-24 13:16 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Apple Computer 2013-11-24 13:12 - 2013-11-24 13:12 - 00000000 ____D C:\Program Files\Common Files\Apple 2013-11-24 13:11 - 2013-11-24 13:11 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job 2013-11-24 13:11 - 2013-11-24 13:11 - 00000000 ____D C:\Documents and Settings\Carol\Local Settings\Application Data\Apple 2013-11-24 13:10 - 2013-11-24 13:10 - 00001830 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk 2013-11-24 13:10 - 2013-11-24 13:10 - 00000000 ____D C:\Program Files\Apple Software Update 2013-11-24 13:10 - 2013-11-24 13:10 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Apple 2013-11-24 13:05 - 2013-11-24 13:05 - 00000000 ____D C:\Documents and Settings\Carol\Local Settings\Application Data\Apple Computer 2013-11-23 09:31 - 2013-11-23 09:31 - 00000000 ____D C:\Program Files\GmailDefaultMaker 2013-11-22 16:10 - 2012-11-08 21:34 - 00000000 ___RD C:\Documents and Settings\Carol\My Documents\Dropbox 2013-11-22 15:37 - 2013-11-22 15:37 - 00000000 ____D C:\Documents and Settings\Carol\My Documents\2013 01 JAN 2013-11-22 15:27 - 2013-02-06 16:10 - 00000000 ____D C:\Documents and Settings\Carol\Application Data\vlc 2013-11-21 14:41 - 2013-01-07 09:57 - 00020992 _____ C:\Documents and Settings\Carol\Desktop\2013 VOUCHERS.xls 2013-11-21 06:26 - 2012-05-22 20:56 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2013-11-20 10:41 - 2013-11-20 10:41 - 00003892 _____ C:\Documents and Settings\Carol\My Documents\files that couldn't be defragged maybe helpful later.txt 2013-11-20 08:33 - 2011-04-18 12:48 - 00177028 _____ C:\WINDOWS\setupact.log 2013-11-19 12:04 - 2013-11-18 16:23 - 00050452 _____ C:\WINDOWS\system32\QuickTime.qtp 2013-11-19 07:29 - 2013-11-18 08:51 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-11-19 07:08 - 2011-04-18 12:48 - 00517010 ____C C:\WINDOWS\setupapi.log 2013-11-19 07:00 - 2013-08-09 07:37 - 00137208 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys 2013-11-19 07:00 - 2013-08-09 07:37 - 00090400 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys 2013-11-19 07:00 - 2013-08-09 07:37 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys 2013-11-18 16:24 - 2013-11-18 16:20 - 00000000 ____D C:\Program Files\DOES IT BELONG ELI 2013-11-18 16:24 - 2013-11-18 16:20 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Does It Belong 2013-11-17 19:10 - 2013-02-04 12:44 - 00000000 ____D C:\Documents and Settings\Carol\Desktop\AH CASA 2013-11-17 18:31 - 2013-11-17 18:30 - 00000000 ____D C:\Documents and Settings\Carol\Desktop\BETH MONEY 2013-11-17 17:47 - 2013-11-17 17:47 - 00090112 _____ C:\WINDOWS\Minidump\Mini111713-03.dmp 2013-11-17 17:47 - 2013-05-14 09:40 - 00000000 ____D C:\WINDOWS\Minidump 2013-11-17 15:27 - 2013-11-17 15:27 - 104760117 _____ C:\WINDOWS\system32\刲咜6 2013-11-17 14:28 - 2013-11-17 14:28 - 00090112 _____ C:\WINDOWS\Minidump\Mini111713-02.dmp 2013-11-17 09:34 - 2013-11-17 09:34 - 00090112 _____ C:\WINDOWS\Minidump\Mini111713-01.dmp 2013-11-17 09:28 - 2013-11-17 09:28 - 104695876 _____ C:\WINDOWS\system32\咜6 2013-11-16 14:02 - 2013-11-16 14:02 - 104637397 _____ C:\WINDOWS\system32\렫咜6 2013-11-14 10:49 - 2013-11-14 08:59 - 00000000 ____D C:\Program Files\MSXML 4.0 2013-11-14 10:25 - 2013-03-13 14:09 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe 2013-11-14 10:25 - 2013-03-13 14:09 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl 2013-11-14 10:25 - 2013-03-06 07:42 - 00000000 ____D C:\Documents and Settings\Carol\Local Settings\Application Data\Adobe 2013-11-14 09:35 - 2013-11-08 08:14 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN 2013-11-14 07:08 - 2013-11-14 07:08 - 104225154 _____ C:\WINDOWS\system32\籹Ꙥ咜6 2013-11-12 08:20 - 2013-11-12 08:20 - 103912569 _____ C:\WINDOWS\system32\搁찊咜6 2013-11-11 07:29 - 2013-11-11 07:29 - 103716811 _____ C:\WINDOWS\system32\逎咜6 2013-11-10 21:15 - 2013-11-09 08:44 - 103661301 _____ C:\WINDOWS\system32\ḫ盱咜6 2013-11-08 20:31 - 2013-11-08 20:31 - 103347145 _____ C:\WINDOWS\system32\졣咜6 2013-11-07 22:06 - 2013-06-04 06:47 - 00000000 ____D C:\Program Files\SUPERAntiSpyware 2013-11-07 15:50 - 2011-05-21 12:51 - 80340640 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2013-11-06 21:09 - 2011-04-18 12:52 - 00000373 ____C C:\WINDOWS\wiadebug.log 2013-11-06 21:09 - 2011-04-18 12:52 - 00000049 ____C C:\WINDOWS\wiaservc.log 2013-11-06 02:04 - 2013-11-06 02:04 - 105172122 _____ C:\WINDOWS\system32\ꡀ챠咜6 2013-11-02 07:28 - 2013-11-02 07:28 - 00000000 ____D C:\Documents and Settings\Carol\Desktop\Unused Desktop Shortcuts 2013-10-31 15:39 - 2013-10-31 15:39 - 104470377 _____ C:\WINDOWS\system32\濹ꖸ咜6 Some content of TEMP: ==================== C:\Documents and Settings\Carol\Local Settings\Temp\avgnt.exe C:\Documents and Settings\Carol\Local Settings\Temp\ntdll_dump.dll C:\Documents and Settings\Carol\Local Settings\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== End Of Log ============================
  10. I wasn't too clear - FB in Chrome shows ads but they are not appearing in Firefox. Rather, they are suggesting music pages that I might like based on what my 'friends' have liked. Same thing for Firefox - no ads in Gmail, only ads showing in Chrome/Gmail.
  11. I'm not sure -to check it out, I opened amazon, facebook, my calendar etc in both Chrome and Firefox. In Chrome, Facebook is displaying sponsored ads and they "just happen to be" items/interests that I've looked for over the recent weeks (LA Clippers Basketball and a vacuum I just bought). Gmail has an 'ad' link for "Remove Malware - Free". I never intentionally open any of that stuff and I'm not sure if what I'm seeing is normal or if it is due to there still be some remnant of malware/virus. Should I just proceed as usual, and keep a close eye on virus/malware/spyware reports over the next few days? Thanks, Carol
  12. MB detected nothing Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2013.11.26.12 Windows XP Service Pack 3 x86 NTFS Internet Explorer 7.0.5730.13 Carol :: CAROL-C6985B789 [administrator] 11/26/2013 3:03:10 PM mbam-log-2013-11-26 (15-03-10).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 214640 Time elapsed: 11 minute(s), 40 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
  13. Thanks Charlie. I will run MB next. I did not opt to save anything as it was all greek to me. If you see anything in this clean up report that you think might be critical for me to keep, please let me know -I've read that I can remove those from quarantine. Also, I did note that Mozilla was referenced in report more than Chrome - not sure if this comment is useful to you or not, but problem most likely occurred in Chrome and it seems to have affected Chrome more than Firefox (slower, more ads/tracking, etc in Chrome). THANK YOU! Lastly, is this a virus that would compromise saved passwords or break in to banking sites for my info? # AdwCleaner v3.013 - Report created 26/11/2013 at 14:43:41 # Updated 24/11/2013 by Xplode # Operating System : Microsoft Windows XP Service Pack 3 (32 bits) # Username : Carol - CAROL-C6985B789 # Running from : C:\Documents and Settings\Carol\Desktop\AdwCleaner.exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** File Deleted : C:\Documents and Settings\Carol\Application Data\Mozilla\Firefox\Profiles\mr3d5y6u.default\user.js ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3 Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}] Key Deleted : HKCU\Software\Softonic Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536 ***** [ Browsers ] ***** -\\ Internet Explorer v7.0.6000.17123 -\\ Mozilla Firefox v25.0.1 (en-US) [ File : C:\Documents and Settings\Carol\Application Data\Mozilla\Firefox\Profiles\mr3d5y6u.default\prefs.js ] Line Deleted : user_pref("extensions.incredibar.actvtyRptTime", "1358125646045"); Line Deleted : user_pref("extensions.incredibar.admin", false); Line Deleted : user_pref("extensions.incredibar.afd-1a2d3abe806f9951da73a33d41fcfc9c", "%7B%22items%22%3A%5B%7B%22id%22%3A%22lWtma6%252BabmFvpG5lblNmZmZiVmyda2Vsp2toa1ZnZmZnU2%252Bu%22%2C%20%22r%22%3A%2225.41%22%2C%[...] Line Deleted : user_pref("extensions.incredibar.afd-1a2d3abe806f9951da73a33d41fcfc9c_wid", "2521; expires=Mon, 14 Jan 2013 07:07:28 GMT"); Line Deleted : user_pref("extensions.incredibar.aflt", "orgnl"); Line Deleted : user_pref("extensions.incredibar.afterInstallRpt", "sent"); Line Deleted : user_pref("extensions.incredibar.cntry", "US"); Line Deleted : user_pref("extensions.incredibar.dfltLng", "EN"); Line Deleted : user_pref("extensions.incredibar.dfltSrch", false); Line Deleted : user_pref("extensions.incredibar.dfltlng", "en"); Line Deleted : user_pref("extensions.incredibar.dfltsrch", "false"); Line Deleted : user_pref("extensions.incredibar.did", "10665"); Line Deleted : user_pref("extensions.incredibar.envrmnt", "production"); Line Deleted : user_pref("extensions.incredibar.excTlbr", false); Line Deleted : user_pref("extensions.incredibar.hdrMd5", "C3F1FE6B1CE694F8483DA24A4390AE9E"); Line Deleted : user_pref("extensions.incredibar.hmpg", false); Line Deleted : user_pref("extensions.incredibar.hrdid", "fce76db600000000000000197e685c2b"); Line Deleted : user_pref("extensions.incredibar.id", "fce76db600000000000000197e685c2b"); Line Deleted : user_pref("extensions.incredibar.installerproductid", "26"); Line Deleted : user_pref("extensions.incredibar.instlDay", "15718"); Line Deleted : user_pref("extensions.incredibar.instlRef", ""); Line Deleted : user_pref("extensions.incredibar.instlday", "15718"); Line Deleted : user_pref("extensions.incredibar.instlref", ""); Line Deleted : user_pref("extensions.incredibar.isDcmntCmplt", false); Line Deleted : user_pref("extensions.incredibar.isdcmntcmplt", "false"); Line Deleted : user_pref("extensions.incredibar.keywordurl", ""); Line Deleted : user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.1413:55:17"); Line Deleted : user_pref("extensions.incredibar.mntrvrsn", "1.2.0"); Line Deleted : user_pref("extensions.incredibar.newTab", false); Line Deleted : user_pref("extensions.incredibar.newtab", "false"); Line Deleted : user_pref("extensions.incredibar.newtaburl", ""); Line Deleted : user_pref("extensions.incredibar.noFFXTlbr", false); Line Deleted : user_pref("extensions.incredibar.ppd", "t213"); Line Deleted : user_pref("extensions.incredibar.prdct", "incredibar"); Line Deleted : user_pref("extensions.incredibar.productid", "26"); Line Deleted : user_pref("extensions.incredibar.prtnrId", "Incredibar"); Line Deleted : user_pref("extensions.incredibar.prtnrid", "Incredibar"); Line Deleted : user_pref("extensions.incredibar.sg", "none"); Line Deleted : user_pref("extensions.incredibar.smplGrp", "none"); Line Deleted : user_pref("extensions.incredibar.smplgrp", "none"); Line Deleted : user_pref("extensions.incredibar.srch", ""); Line Deleted : user_pref("extensions.incredibar.srchprvdr", ""); Line Deleted : user_pref("extensions.incredibar.tlbrId", "base"); Line Deleted : user_pref("extensions.incredibar.tlbrid", "base"); Line Deleted : user_pref("extensions.incredibar.upn2", "6PQVIuvZW7"); Line Deleted : user_pref("extensions.incredibar.upn2n", "92544266996123055"); Line Deleted : user_pref("extensions.incredibar.vrsn", "1.5.11.14"); Line Deleted : user_pref("extensions.incredibar.vrsnTs", "1.5.11.1413:55:17"); Line Deleted : user_pref("extensions.incredibar.vrsni", "1.5.11.14"); Line Deleted : user_pref("extensions.incredibar.vrsnts", "1.5.11.1413:55:17"); Line Deleted : user_pref("extensions.incredibar_i.aflt", "orgnl"); Line Deleted : user_pref("extensions.incredibar_i.dfltLng", ""); Line Deleted : user_pref("extensions.incredibar_i.did", "10665"); Line Deleted : user_pref("extensions.incredibar_i.excTlbr", false); Line Deleted : user_pref("extensions.incredibar_i.id", "fce76db600000000000000197e685c2b"); Line Deleted : user_pref("extensions.incredibar_i.installerproductid", "26"); Line Deleted : user_pref("extensions.incredibar_i.instlDay", "15718"); Line Deleted : user_pref("extensions.incredibar_i.instlRef", ""); Line Deleted : user_pref("extensions.incredibar_i.ms_url_id", ""); Line Deleted : user_pref("extensions.incredibar_i.newTab", false); Line Deleted : user_pref("extensions.incredibar_i.ppd", "t213"); Line Deleted : user_pref("extensions.incredibar_i.prdct", "incredibar"); Line Deleted : user_pref("extensions.incredibar_i.productid", "26"); Line Deleted : user_pref("extensions.incredibar_i.prtnrId", "Incredibar"); Line Deleted : user_pref("extensions.incredibar_i.smplGrp", "none"); Line Deleted : user_pref("extensions.incredibar_i.tlbrId", "base"); Line Deleted : user_pref("extensions.incredibar_i.upn2", "6PQVIuvZW7"); Line Deleted : user_pref("extensions.incredibar_i.upn2n", "92544266996123055"); Line Deleted : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14"); Line Deleted : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1413:55:17"); Line Deleted : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14"); Line Deleted : user_pref("id_igivetoolbar.variables.tracking_enabled_template", "%3Chtml%3E%0D%0A%3Chead%3E%0D%0A%09%0D%0A%0D%0A%09%3Cscript%20language%3D%22javascript%22%3E%20%0D%0A%09%09//%20This%20JS%20code%20imp[...] -\\ Google Chrome v31.0.1650.57 [ File : C:\Documents and Settings\LocalService\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ] [ File : C:\Documents and Settings\Carol\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ] Deleted : homepage Deleted : urls_to_restore_on_startup ************************* AdwCleaner[R0].txt - [8704 octets] - [26/11/2013 09:32:54] AdwCleaner[s0].txt - [8811 octets] - [26/11/2013 14:43:41] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [8871 octets] ##########
  14. RogueKiller V8.7.9 [Nov 25 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.adlice.com/forum/ Website : http://www.adlice.com/softwares/roguekiller/ Blog : http://tigzyrk.blogspot.com/ Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version Started in : Normal mode User : Carol [Admin rights] Mode : Scan -- Date : 11/25/2013 21:22:04 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 1 ¤¤¤ [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Scheduled tasks : 0 ¤¤¤ ¤¤¤ Startup Entries : 0 ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [LOADED] ¤¤¤ [Address] SSDT[25] : NtClose @ 0x805BC538 -> HOOKED (Unknown @ 0xF7BAFEB4) [Address] SSDT[41] : NtCreateKey @ 0x80624160 -> HOOKED (Unknown @ 0xF7BAFE6E) [Address] SSDT[50] : NtCreateSection @ 0x805AB3D0 -> HOOKED (Unknown @ 0xF7BAFEBE) [Address] SSDT[53] : NtCreateThread @ 0x805D1038 -> HOOKED (Unknown @ 0xF7BAFE64) [Address] SSDT[63] : NtDeleteKey @ 0x806245FC -> HOOKED (Unknown @ 0xF7BAFE73) [Address] SSDT[65] : NtDeleteValueKey @ 0x806247CC -> HOOKED (Unknown @ 0xF7BAFE7D) [Address] SSDT[68] : NtDuplicateObject @ 0x805BE010 -> HOOKED (Unknown @ 0xF7BAFEAF) [Address] SSDT[98] : NtLoadKey @ 0x80626384 -> HOOKED (Unknown @ 0xF7BAFE82) [Address] SSDT[122] : NtOpenProcess @ 0x805CB456 -> HOOKED (Unknown @ 0xF7BAFE50) [Address] SSDT[128] : NtOpenThread @ 0x805CB6E2 -> HOOKED (Unknown @ 0xF7BAFE55) [Address] SSDT[177] : NtQueryValueKey @ 0x80622384 -> HOOKED (Unknown @ 0xF7BAFED7) [Address] SSDT[193] : NtReplaceKey @ 0x80626234 -> HOOKED (Unknown @ 0xF7BAFE8C) [Address] SSDT[200] : NtRequestWaitReplyPort @ 0x805A2D7E -> HOOKED (Unknown @ 0xF7BAFEC8) [Address] SSDT[204] : NtRestoreKey @ 0x80625B40 -> HOOKED (Unknown @ 0xF7BAFE87) [Address] SSDT[213] : NtSetContextThread @ 0x805D2C1A -> HOOKED (Unknown @ 0xF7BAFEC3) [Address] SSDT[237] : NtSetSecurityObject @ 0x805C0636 -> HOOKED (Unknown @ 0xF7BAFECD) [Address] SSDT[247] : NtSetValueKey @ 0x806226D2 -> HOOKED (Unknown @ 0xF7BAFE78) [Address] SSDT[255] : NtSystemDebugControl @ 0x80618134 -> HOOKED (Unknown @ 0xF7BAFED2) [Address] Shadow SSDT[549] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0xF7BAFEE6) [Address] Shadow SSDT[552] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0xF7BAFEEB) [inline] EAT @explorer.exe (?_Clocptr@_Locimp@locale@std@@0PAV123@A) : MSVCP60.dll -> HOOKED (Unknown @ 0x5E0E398D) ¤¤¤ External Hives: ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> %SystemRoot%\System32\drivers\etc\hosts 127.0.0.1 localhost 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 127.0.0.1 www.0scan.com 127.0.0.1 0scan.com 127.0.0.1 www.1000gratisproben.com 127.0.0.1 1000gratisproben.com 127.0.0.1 1001namen.com 127.0.0.1 www.1001namen.com 127.0.0.1 100888290cs.com 127.0.0.1 www.100888290cs.com 127.0.0.1 www.100sexlinks.com [...] ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) TOSHIBA MK8052GSX +++++ --- User --- [MBR] 095c6d58f81ca8f1bd641d3d62ab19d4 [bSP] 3cae8aba215647525a6ec3a4d4eaee3d : Windows XP MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76316 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[0]_S_11252013_212204.txt >>
  15. Mr.Charlie, I forgot to say thanks. Thanks! And... wanting to make sure I'm understanding directions - am I to proceed with RogueKiller etc. and post results here in this thread OR create an entirely new topic? The following is what I'm not sure I understand: Please Copy & Paste the contents of the following logs in your next reply: DDS.txt and Attach.txt You can ignore the note about zipping the Attach.txt file in most cases.Then post a new topic here.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.