MoneyPak Removal (No Safe Mode or Internet Connection)

RJude

New Member
Thread author
Verified
Jun 24, 2013
34
I have gotten myself into quite the trouble. Yesterday I got one of the MoneyPak viruses and my computer is completely locked up. It will not open in any safe mode options or with command prompt. It just restarts, so there is no way that I can get to any of my virus removal tools.

I attempted HitmanPro Kickstart, but because I have to log on to my computer through a password it always froze at the loading screen. That cut off internet access, so it was not able to run.

I recently attempted a Kaspersky rescue disk. I managed to get that to work, but it only removed a few. Others were postponed/are still there. I'm not sure if it's my lack of connection to the internet, but I am currently not able to connect at all. When I tried starting up my laptop it went right to the MoneyPak screen.

I am running out of options. Is there anyone that would know how to help fix this? I am currently in the middle of doing a project for my internship, and would like to regain access to my computer as soon as possible.

Thank you for your time!
 

Fiery

Level 1
Jan 11, 2011
2,007
Hi and welcome to MalwareTips! :)

I'm Fiery and I would gladly assist you in removing the malware on your computer.

PLEASE NOTE: The first 3 posts of ALL new members require approval by mods/admins. Please be patient if you don't see your post immediately after submitting it.

Before we start:
  • Note that the removal process is not immediate. Depending on the severity of your infection, it could take a long time.
  • Malware removal can be dangerous. I cannot guarantee the safety of your system as malware can be unpredictable. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system. Therefore, I would advise you to backup all your important files before we start.
  • Please be patient and stay with me until I give you the green lights and inform you that your PC is clean.
  • Some tools may be flagged by your antivirus as harmful. Rest assured that ALL the tools we use are safe; the detections are false positives.
  • The absence of symptoms does not mean your PC is fully disinfected.
  • If you are unclear about the instructions, please stop and ask. Following the steps in the order that I post them in is vital.
  • Lastly, if you have requested help on other sites, that will delay and hinder the removal process. Please only stick to one site.

Download Farbar Recovery Scan Tool from the below link:
  • For 32 bit systems download Farbar Recovery Scan Tool (http://download.bleepingcomputer.com/farbar/FRST.exe) and save it to a USB/flash drive.
  • Plug the flash drive into the infected PC.
  • Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt

  1. Select Command Prompt.
  2. In the command window type in notepad and press Enter.
  3. The notepad opens. Under File menu select Open.
  4. Select "Computer" and find your flash drive letter and close the notepad.
  5. In the command window type e:\frst.exe and press Enter.
     Note: Replace letter e with the drive letter of your flash drive.
  6. The tool will start to run.
  7. When the tool opens click Yes to disclaimer.
  8. Press Scan button.
  9. FRST will let you know when the scan is complete and has written the FRST.txt to file, close the message.
  10. Type exit.
  11. Please copy and paste FRST.txt in your next reply.
 

RJude

New Member
Thread author
Verified
Jun 24, 2013
34
Thank you for such a quick reply! I have tried getting into the repair your computer option earlier but it will not let me. It restarts again.
 

Fiery

Level 1
Jan 11, 2011
2,007
OK, let's try this; do the following on another PC.

Please print these instructions out so that you know what you are doing.
  • Download OTLPENet.exe to your desktop
  • Download Farbar Recovery Scan Tool and save it to a flash drive.
  • Ensure that you have a blank CD in the drive
  • Double click OTLPENet.exe and this will then open imgburn to burn the file to CD
  • Reboot your system using the boot CD you just created.
    Note: If you do not know how to set your computer to boot from CD follow the steps here
  • Wait for the CD to detect your hardware and load the operating system
  • Your system should now display a Reatogo desktop
    Note: as you are running from CD it is not exactly speedy
  • Insert the USB with FRST
  • Locate the flash drive with FRST and double click
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
 

RJude

New Member
Thread author
Verified
Jun 24, 2013
34
Thank you so much for the quick reply! It really means a lot. I will try that now.
 

RJude

New Member
Thread author
Verified
Jun 24, 2013
34
Here is the log:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-06-2013
Ran by SYSTEM on 24-06-2013 19:59:08
Running from F:\
Windows Vista (TM) Home Premium (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet002
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [217088 2009-03-31] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe [3810304 2008-12-21] (Dell Inc.)
HKLM\...\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter [206064 2009-01-30] (SupportSoft, Inc.)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [931200 2012-03-26] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [152392 2013-02-20] (Apple Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35696 2009-10-03] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [935288 2009-09-04] (Adobe Systems Incorporated)
HKLM\...\RunOnce: [STToasterLauncher] C:\Program Files\Dell DataSafe Local Backup\toasterLauncher.exe [120128 2010-02-11] ()
HKLM\...\Runonce: [*WerKernelReporting] %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [x]
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [X]
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll [X]
HKU\Caitlin\...\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [ 2012-06-16] (SUPERAntiSpyware.com)
HKU\Caitlin\...\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background [ 2012-03-08] (Microsoft Corporation)
HKU\Caitlin\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] C:\Users\Caitlin\AppData\Local\Temp\xrrpxyjsuiwavyhxr.exe [ 2013-06-23] (NVIDIA Corporation)
HKU\Caitlin\...\Winlogon: [Shell] cmd.exe [ 2008-01-20] (Microsoft Corporation) <==== ATTENTION
HKU\Caitlin\...\Command Processor: "C:\Users\Caitlin\AppData\Local\Temp\xrrpxyjsuiwavyhxr.exe" <===== ATTENTION!
Startup: C:\Users\Caitlin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Caitlin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

========================== Services (Whitelisted) =================

S2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2011-08-11] (SUPERAntiSpyware.com)
S4 AdobeActiveFileMonitor5.0; C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe [102400 2006-09-14] ()
S4 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe [81920 2009-03-31] (Andrea Electronics Corporation)
S4 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2008-12-18] (Stardock Corporation)
S2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [106280 2013-06-23] (SurfRight B.V.)
S4 hnmsvc; c:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe [828656 2009-04-13] (Dell Inc.)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [214952 2012-03-26] (Microsoft Corporation)
S4 SftService; C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE [658656 2010-03-04] (SoftThinks)
S4 sprtsvc_DellComms; C:\Program Files\Dell\DellComms\bin\sprtsvc.exe [206064 2009-03-25] (SupportSoft, Inc.)
S4 sprtsvc_DellSupportCenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [201968 2009-01-30] (SupportSoft, Inc.)
S4 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe [254042 2009-03-31] (IDT, Inc.)
S2 WINZIPSSDiskOptimizer; C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe [605512 2011-11-10] (WinZip Computing, S.L. (WinZip Computing))
S4 wltrysvc; C:\Windows\System32\bcmwltry.exe [2809856 2008-12-21] (Dell Inc.)
S2 DirectUpdate; %systemroot%\system32\iksysflt.dll [x]
S2 GMSIPCI; %systemroot%\system32\rismxdp.dll [x]
S2 HitmanPro36CrusaderBoot; "D:\HitmanPro36.exe" /crusader:boot [x]
S2 motmodem; %systemroot%\system32\twdns.dll [x]
S2 savscan; %systemroot%\system32\transarcafsdaemon.dll [x]
S2 yksvc; RUNDLL32.EXE ykx32coinst,serviceStartProc [x]

==================== Drivers (Whitelisted) ====================

S3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2008-12-21] (Broadcom Corporation)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [79880 2009-03-25] (McAfee, Inc.)
S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [35272 2009-03-25] (McAfee, Inc.)
S1 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [214024 2009-03-25] (McAfee, Inc.)
S3 mferkdk; C:\Windows\System32\drivers\mferkdk.sys [34216 2009-03-25] (McAfee, Inc.)
S3 mfesmfk; C:\Windows\System32\drivers\mfesmfk.sys [40552 2009-03-25] (McAfee, Inc.)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)
S2 Packet; C:\Windows\System32\DRIVERS\packet.sys [22016 2008-06-17] (SingleClick Systems)
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 A2DDA; \??\C:\Users\Caitlin\AppData\Local\temp\Rar$EX41.496\Run\a2ddax86.sys [x]
S3 catchme; \??\C:\Users\Caitlin\AppData\Local\Temp\catchme.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 PCD5SRVC{3F6A8B78-EC003E00-05040104}; \??\C:\PROGRA~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms [x]
S0 subxk; System32\drivers\oojbued.sys [x]
S0 TfFsMon; system32\drivers\TfFsMon.sys [x]
S3 TfNetMon; \??\C:\Windows\system32\drivers\TfNetMon.sys [x]
S0 TfSysMon; system32\drivers\TfSysMon.sys [x]
S0 vvar; System32\drivers\gqertes.sys [x]

==================== NetSvcs (Whitelisted) ===================

NETSVC: motmodem -> C:\Windows\system32\twdns.dll ==> No File.
NETSVC: savscan -> C:\Windows\system32\transarcafsdaemon.dll ==> No File.
NETSVC: GMSIPCI -> C:\Windows\system32\rismxdp.dll ==> No File.
NETSVC: rismxdp -> No Registry Path.
NETSVC: DirectUpdate -> C:\Windows\system32\iksysflt.dll ==> No File.

==================== One Month Created Files and Folders ========

2013-06-24 19:59 - 2013-06-24 19:59 - 00000000 ____D C:\FRST
2013-06-23 23:18 - 2013-06-23 23:18 - 00139232 ____A C:\Windows\Minidump\Mini062313-01.dmp
2013-06-23 15:39 - 2013-06-23 15:39 - 01097627 ____A C:\Users\Caitlin\AppData\Roaming\2433f433
2013-06-23 15:39 - 2013-06-23 15:39 - 01097600 ____A C:\Users\Caitlin\AppData\Local\2433f433
2013-06-23 15:35 - 2013-06-23 15:35 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{FB9CC6D4-6A56-4FFE-8AE3-563E991FC57D}
2013-06-23 00:36 - 2013-06-23 00:36 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{FE7A3477-0B54-469F-9955-16245DD8524B}
2013-06-22 16:55 - 2013-06-22 17:44 - 117974633 ____A C:\Users\Caitlin\Documents\Always Forever.wmv
2013-06-22 12:19 - 2013-06-22 12:22 - 140777201 ____A C:\Users\Caitlin\Desktop\Ryan, Do roses know their thorns can hurt.wmv
2013-06-22 11:32 - 2013-06-22 11:32 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{D5F7F2DC-B67C-4C08-A564-CCB078797226}
2013-06-21 11:03 - 2013-06-21 11:03 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{A6B1C668-A0E5-4AD5-B0BB-C896B3446F28}
2013-06-20 11:37 - 2013-06-20 11:37 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{E66D9967-8E5B-4681-BCBC-49C36A764BBB}
2013-06-19 11:09 - 2013-06-19 11:09 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{1459652D-89D5-45D1-B060-261D3FFFF53C}
2013-06-18 23:08 - 2013-06-18 23:08 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{0DC30A43-E0B0-4249-B913-C67F10736E93}
2013-06-17 14:21 - 2013-06-17 14:21 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{F6514760-505B-40E0-9775-32BAB28BDC89}
2013-06-16 17:17 - 2013-06-16 17:17 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2013-06-16 16:54 - 2013-06-16 16:55 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{126C9442-62A1-47CE-AE40-6AFA1D7B51AE}
2013-06-15 18:50 - 2013-06-15 18:50 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{158C0930-0F6B-4A73-A443-840840230FF5}
2013-06-14 13:22 - 2013-06-14 13:22 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{27579C40-B4EE-4C77-9E58-870695617695}
2013-06-14 13:21 - 2013-06-14 13:37 - 00000000 ____D C:\Users\Caitlin\Desktop\Safety Pics
2013-06-14 00:34 - 2013-06-14 01:33 - 205655593 ____A C:\Users\Caitlin\Documents\SafetyCamp2013.wmv
2013-06-13 20:09 - 2013-06-13 20:08 - 00013376 ____A C:\Users\Caitlin\Desktop\xLifeincolorings 5.veg
2013-06-13 19:56 - 2013-06-23 18:11 - 00003874 ____A C:\Windows\setupact.log
2013-06-13 19:56 - 2013-06-13 19:56 - 00000000 ____A C:\Windows\setuperr.log
2013-06-12 18:46 - 2013-06-12 18:46 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{D3F275CD-D912-47B8-A849-695BB4EA4CB4}
2013-06-11 19:36 - 2013-06-11 19:36 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{1EE2E195-1376-4359-B1FE-AF56A691BE2A}
2013-06-10 22:06 - 2013-06-10 22:06 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{7CDF8395-B91D-4A16-9C4E-94DF559E2EDE}
2013-06-09 18:29 - 2013-06-09 19:48 - 98398573 ____A C:\Users\Caitlin\Documents\ForeverYoung.wmv
2013-06-09 16:34 - 2013-06-09 16:34 - 00023368 ____A C:\Users\Caitlin\Desktop\JColouring.veg
2013-06-09 16:08 - 2013-06-09 16:07 - 00017640 ____A C:\Users\Caitlin\Desktop\sony vegas coloring 009.veg
2013-06-09 16:06 - 2013-06-09 16:06 - 00018904 ____A C:\Users\Caitlin\Desktop\TheDarlingTutorials_2.veg
2013-06-09 16:04 - 2013-06-09 16:04 - 00014768 ____A C:\Users\Caitlin\Desktop\xlifeincolorings7.veg
2013-06-09 14:43 - 2013-06-09 14:43 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{0DEE1197-B6A1-40CC-8641-BE4F97ABB78E}
2013-06-09 00:32 - 2013-06-09 00:32 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{1BC67F5D-DCA0-454A-9D0B-482A49A4BD04}
2013-06-08 16:54 - 2013-06-08 16:54 - 00019152 ____A C:\Users\Caitlin\Documents\Horserider9802 sony vegas coloring.veg
2013-06-08 12:31 - 2013-06-08 12:31 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{5D26E18D-AD13-45BB-ACE1-D935E4548259}
2013-06-08 00:14 - 2013-06-08 00:14 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{0F4970B7-9E4F-43DA-BE4C-B0DE882F8F96}
2013-06-07 12:13 - 2013-06-07 12:14 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{C5FC9EA3-7673-4A64-9788-B572915B3BE4}
2013-06-06 21:57 - 2013-06-06 21:57 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{4DCDC46B-BB6F-4BEE-8984-CE816DD8F739}
2013-06-06 09:56 - 2013-06-06 09:56 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{BBA9CA9D-C306-4890-A26E-4201795EB3F9}
2013-06-05 09:45 - 2013-06-05 09:45 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{407BD67D-FAAA-458F-914A-3E114A4A87B2}
2013-06-04 10:03 - 2013-06-23 00:38 - 00002072 ____A C:\Windows\WindowsUpdate.log
2013-06-04 10:02 - 2013-06-04 10:02 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{06B93890-E623-411A-ADCF-7D82859CB908}
2013-06-03 21:55 - 2013-06-03 21:55 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{BB85A3C0-2CAB-4EED-ACA1-E854D64098F1}
2013-06-03 09:54 - 2013-06-03 09:54 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{E97467EB-9AFC-4357-A322-B96586F63DD3}
2013-06-02 22:33 - 2013-06-23 23:18 - 187263387 ____A C:\Windows\MEMORY.DMP
2013-06-02 22:33 - 2013-06-02 22:33 - 00139232 ____A C:\Windows\Minidump\Mini060213-01.dmp
2013-06-02 21:17 - 2013-06-02 21:17 - 00000000 __SHD C:\found.002
2013-06-02 12:42 - 2013-06-02 12:42 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{ED2F81C7-2E67-4741-9F4D-31BCEC1DF164}
2013-06-01 11:57 - 2013-06-01 11:57 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{E5D87E93-B0D2-4986-B5FC-A0BE553F4EAF}
2013-05-31 22:00 - 2013-05-31 22:01 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{7A2B4651-4898-41EC-A4A8-6DE3C93801C9}
2013-05-31 15:25 - 2013-05-31 15:32 - 22349661 ____A C:\Users\Caitlin\Documents\LastPageant.wmv
2013-05-31 10:00 - 2013-05-31 10:00 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{7A7A0C55-4EBB-429C-AC72-4660A99157B1}
2013-05-30 15:08 - 2013-05-30 15:08 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{59E0D749-12F5-43F7-B11F-17083D2C3D8C}
2013-05-30 09:49 - 2013-05-30 09:49 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{EB5ABCFE-A76A-4DE4-A29D-02BD3762EC97}
2013-05-29 14:31 - 2013-05-29 15:27 - 123366633 ____A C:\Users\Caitlin\Documents\Ashes Like Snow.wmv
2013-05-29 14:27 - 2013-05-29 14:28 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{87C10CDF-B7B9-46B4-9DE3-4EA051E70805}
2013-05-29 13:21 - 2013-05-29 13:21 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{61E9C591-63B6-4D54-94A2-A8AE9F052841}
2013-05-29 09:53 - 2013-05-29 09:53 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{69C56121-BFC5-4D66-A27A-06E05D623702}
2013-05-28 23:26 - 2013-05-28 23:26 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{31571B64-6944-401A-A49E-F60E0A5A9631}
2013-05-28 19:48 - 2013-05-28 19:48 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{90623B4B-FAB7-4E98-93F4-133C22646F3D}
2013-05-28 17:05 - 2013-05-28 17:05 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{1BC6A980-562C-43C8-8483-7A1D2526BB9F}
2013-05-28 16:32 - 2013-05-28 16:32 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{EE7D7AA3-B6F7-4BD9-AF66-37483DFC0D7E}
2013-05-28 10:12 - 2013-05-28 10:12 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{84F5DABE-EE6A-4D9E-9E25-A2A288F434F0}
2013-05-27 15:19 - 2013-05-27 15:19 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{3F0DFEAC-AB67-46DE-A5F5-0007C5112C4E}
2013-05-26 17:03 - 2013-05-26 17:03 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{2C3ECAC2-E949-42BF-9085-9340D055FF4D}
2013-05-25 10:36 - 2013-05-25 10:36 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{35A0955B-6E70-4666-AE2E-3003850E436F}

==================== One Month Modified Files and Folders ========

2013-06-24 19:59 - 2013-06-24 19:59 - 00000000 ____D C:\FRST
2013-06-24 17:12 - 2006-11-02 08:47 - 00003744 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-24 17:12 - 2006-11-02 08:47 - 00003744 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-23 23:18 - 2013-06-23 23:18 - 00139232 ____A C:\Windows\Minidump\Mini062313-01.dmp
2013-06-23 23:18 - 2013-06-02 22:33 - 187263387 ____A C:\Windows\MEMORY.DMP
2013-06-23 23:18 - 2010-07-03 16:28 - 00000000 ____D C:\Windows\Minidump
2013-06-23 18:11 - 2013-06-13 19:56 - 00003874 ____A C:\Windows\setupact.log
2013-06-23 16:15 - 2010-05-19 00:50 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-23 16:14 - 2006-11-02 09:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-23 16:11 - 2006-11-02 09:01 - 00032548 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-06-23 15:39 - 2013-06-23 15:39 - 01097627 ____A C:\Users\Caitlin\AppData\Roaming\2433f433
2013-06-23 15:39 - 2013-06-23 15:39 - 01097600 ____A C:\Users\Caitlin\AppData\Local\2433f433
2013-06-23 15:35 - 2013-06-23 15:35 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{FB9CC6D4-6A56-4FFE-8AE3-563E991FC57D}
2013-06-23 15:35 - 2012-06-22 00:22 - 00000000 ____D C:\Users\Caitlin\AppData\Local\Windows Live
2013-06-23 15:34 - 2009-11-08 17:37 - 00000066 ____A C:\Windows\System32\ToasterLauncherLog.log
2013-06-23 15:34 - 2009-07-15 14:30 - 00000000 ____D C:\Users\Caitlin\Tracing
2013-06-23 15:34 - 2009-06-29 00:27 - 00000000 ____D C:\Program Files\Dell DataSafe Local Backup
2013-06-23 12:48 - 2011-07-22 22:49 - 00000000 ____D C:\Users\Caitlin\Documents\Projects
2013-06-23 12:35 - 2009-07-15 14:42 - 00104448 ____A C:\Users\Caitlin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-06-23 12:13 - 2010-05-19 00:50 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-23 12:09 - 2012-05-11 01:50 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-23 00:38 - 2013-06-04 10:03 - 00002072 ____A C:\Windows\WindowsUpdate.log
2013-06-23 00:36 - 2013-06-23 00:36 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{FE7A3477-0B54-469F-9955-16245DD8524B}
2013-06-22 17:44 - 2013-06-22 16:55 - 117974633 ____A C:\Users\Caitlin\Documents\Always Forever.wmv
2013-06-22 12:22 - 2013-06-22 12:19 - 140777201 ____A C:\Users\Caitlin\Desktop\Ryan, Do roses know their thorns can hurt.wmv
2013-06-22 11:32 - 2013-06-22 11:32 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{D5F7F2DC-B67C-4C08-A564-CCB078797226}
2013-06-21 11:03 - 2013-06-21 11:03 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{A6B1C668-A0E5-4AD5-B0BB-C896B3446F28}
2013-06-20 11:37 - 2013-06-20 11:37 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{E66D9967-8E5B-4681-BCBC-49C36A764BBB}
2013-06-19 11:09 - 2013-06-19 11:09 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{1459652D-89D5-45D1-B060-261D3FFFF53C}
2013-06-18 23:08 - 2013-06-18 23:08 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{0DC30A43-E0B0-4249-B913-C67F10736E93}
2013-06-17 14:43 - 2009-07-15 14:21 - 00000000 ____D C:\Users\Caitlin\Documents\Word
2013-06-17 14:21 - 2013-06-17 14:21 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{F6514760-505B-40E0-9775-32BAB28BDC89}
2013-06-16 18:47 - 2006-11-02 06:33 - 00706714 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-16 17:35 - 2009-07-15 14:05 - 00000000 ____D C:\users\Caitlin
2013-06-16 17:17 - 2013-06-16 17:17 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2013-06-16 16:55 - 2013-06-16 16:54 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{126C9442-62A1-47CE-AE40-6AFA1D7B51AE}
2013-06-15 18:50 - 2013-06-15 18:50 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{158C0930-0F6B-4A73-A443-840840230FF5}
2013-06-14 13:37 - 2013-06-14 13:21 - 00000000 ____D C:\Users\Caitlin\Desktop\Safety Pics
2013-06-14 13:22 - 2013-06-14 13:22 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{27579C40-B4EE-4C77-9E58-870695617695}
2013-06-14 01:33 - 2013-06-14 00:34 - 205655593 ____A C:\Users\Caitlin\Documents\SafetyCamp2013.wmv
2013-06-13 20:08 - 2013-06-13 20:09 - 00013376 ____A C:\Users\Caitlin\Desktop\xLifeincolorings 5.veg
2013-06-13 19:56 - 2013-06-13 19:56 - 00000000 ____A C:\Windows\setuperr.log
2013-06-12 18:46 - 2013-06-12 18:46 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{D3F275CD-D912-47B8-A849-695BB4EA4CB4}
2013-06-11 19:36 - 2013-06-11 19:36 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{1EE2E195-1376-4359-B1FE-AF56A691BE2A}
2013-06-10 22:06 - 2013-06-10 22:06 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{7CDF8395-B91D-4A16-9C4E-94DF559E2EDE}
2013-06-09 19:48 - 2013-06-09 18:29 - 98398573 ____A C:\Users\Caitlin\Documents\ForeverYoung.wmv
2013-06-09 16:34 - 2013-06-09 16:34 - 00023368 ____A C:\Users\Caitlin\Desktop\JColouring.veg
2013-06-09 16:07 - 2013-06-09 16:08 - 00017640 ____A C:\Users\Caitlin\Desktop\sony vegas coloring 009.veg
2013-06-09 16:06 - 2013-06-09 16:06 - 00018904 ____A C:\Users\Caitlin\Desktop\TheDarlingTutorials_2.veg
2013-06-09 16:04 - 2013-06-09 16:04 - 00014768 ____A C:\Users\Caitlin\Desktop\xlifeincolorings7.veg
2013-06-09 14:43 - 2013-06-09 14:43 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{0DEE1197-B6A1-40CC-8641-BE4F97ABB78E}
2013-06-09 00:32 - 2013-06-09 00:32 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{1BC67F5D-DCA0-454A-9D0B-482A49A4BD04}
2013-06-08 16:54 - 2013-06-08 16:54 - 00019152 ____A C:\Users\Caitlin\Documents\Horserider9802 sony vegas coloring.veg
2013-06-08 12:31 - 2013-06-08 12:31 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{5D26E18D-AD13-45BB-ACE1-D935E4548259}
2013-06-08 00:14 - 2013-06-08 00:14 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{0F4970B7-9E4F-43DA-BE4C-B0DE882F8F96}
2013-06-07 12:14 - 2013-06-07 12:13 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{C5FC9EA3-7673-4A64-9788-B572915B3BE4}
2013-06-06 21:57 - 2013-06-06 21:57 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{4DCDC46B-BB6F-4BEE-8984-CE816DD8F739}
2013-06-06 09:56 - 2013-06-06 09:56 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{BBA9CA9D-C306-4890-A26E-4201795EB3F9}
2013-06-05 09:45 - 2013-06-05 09:45 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{407BD67D-FAAA-458F-914A-3E114A4A87B2}
2013-06-04 10:02 - 2013-06-04 10:02 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{06B93890-E623-411A-ADCF-7D82859CB908}
2013-06-03 21:55 - 2013-06-03 21:55 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{BB85A3C0-2CAB-4EED-ACA1-E854D64098F1}
2013-06-03 09:54 - 2013-06-03 09:54 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{E97467EB-9AFC-4357-A322-B96586F63DD3}
2013-06-02 22:33 - 2013-06-02 22:33 - 00139232 ____A C:\Windows\Minidump\Mini060213-01.dmp
2013-06-02 21:19 - 2013-05-17 18:05 - 00003458 ____A C:\Windows\PFRO.log
2013-06-02 21:17 - 2013-06-02 21:17 - 00000000 __SHD C:\found.002
2013-06-02 21:10 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\IME
2013-06-02 12:42 - 2013-06-02 12:42 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{ED2F81C7-2E67-4741-9F4D-31BCEC1DF164}
2013-06-01 11:57 - 2013-06-01 11:57 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{E5D87E93-B0D2-4986-B5FC-A0BE553F4EAF}
2013-05-31 22:01 - 2013-05-31 22:00 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{7A2B4651-4898-41EC-A4A8-6DE3C93801C9}
2013-05-31 15:32 - 2013-05-31 15:25 - 22349661 ____A C:\Users\Caitlin\Documents\LastPageant.wmv
2013-05-31 10:00 - 2013-05-31 10:00 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{7A7A0C55-4EBB-429C-AC72-4660A99157B1}
2013-05-30 15:08 - 2013-05-30 15:08 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{59E0D749-12F5-43F7-B11F-17083D2C3D8C}
2013-05-30 09:49 - 2013-05-30 09:49 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{EB5ABCFE-A76A-4DE4-A29D-02BD3762EC97}
2013-05-29 15:27 - 2013-05-29 14:31 - 123366633 ____A C:\Users\Caitlin\Documents\Ashes Like Snow.wmv
2013-05-29 14:28 - 2013-05-29 14:27 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{87C10CDF-B7B9-46B4-9DE3-4EA051E70805}
2013-05-29 13:21 - 2013-05-29 13:21 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{61E9C591-63B6-4D54-94A2-A8AE9F052841}
2013-05-29 09:53 - 2013-05-29 09:53 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{69C56121-BFC5-4D66-A27A-06E05D623702}
2013-05-28 23:26 - 2013-05-28 23:26 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{31571B64-6944-401A-A49E-F60E0A5A9631}
2013-05-28 19:48 - 2013-05-28 19:48 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{90623B4B-FAB7-4E98-93F4-133C22646F3D}
2013-05-28 19:46 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\MSAgent
2013-05-28 17:05 - 2013-05-28 17:05 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{1BC6A980-562C-43C8-8483-7A1D2526BB9F}
2013-05-28 16:32 - 2013-05-28 16:32 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{EE7D7AA3-B6F7-4BD9-AF66-37483DFC0D7E}
2013-05-28 10:12 - 2013-05-28 10:12 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{84F5DABE-EE6A-4D9E-9E25-A2A288F434F0}
2013-05-27 15:19 - 2013-05-27 15:19 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{3F0DFEAC-AB67-46DE-A5F5-0007C5112C4E}
2013-05-26 17:03 - 2013-05-26 17:03 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{2C3ECAC2-E949-42BF-9085-9340D055FF4D}
2013-05-25 10:36 - 2013-05-25 10:36 - 00000000 ____D C:\Users\Caitlin\AppData\Local\{35A0955B-6E70-4666-AE2E-3003850E436F}

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-1188298847-2614170819-2347088058-1000\$1275ff5241a28249602b776eb539b742

==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-06-09 20:05:08

==================== Memory info ===========================

Percentage of memory in use: 10%
Total physical RAM: 3034.29 MB
Available physical RAM: 2728.09 MB
Total Pagefile: 2859.19 MB
Available Pagefile: 2793.3 MB
Total Virtual: 2047.88 MB
Available Virtual: 1991.24 MB

==================== Drives ================================

Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
Drive c: (OS) (Fixed) (Total:218.2 GB) (Free:57.05 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:5.23 GB) NTFS
Drive f: (HITMANPRO) (Removable) (Total:7.25 GB) (Free:7.25 GB) FAT32
Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 1 (Size: 233 GB) (Disk ID: 00638CBF)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=218 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 7 GB) (Disk ID: 367603A2)
Partition 1: (Active) - (Size=7 GB) - (Type=0B)


LastRegBack: 2013-06-23 18:30

==================== End Of Log ============================
 

Fiery

Level 1
Jan 11, 2011
2,007
Hi,

Open notepad and copy & paste the following:

start
HKU\Caitlin\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] C:\Users\Caitlin\AppData\Local\Temp\xrrpxyjsuiwavyhxr.exe [ 2013-06-23] (NVIDIA Corporation)
C:\Users\Caitlin\AppData\Local\Temp\xrrpxyjsuiwavyhxr.exe
HKU\Caitlin\...\Winlogon: [Shell] cmd.exe [ 2008-01-20] (Microsoft Corporation) <==== ATTENTION
HKU\Caitlin\...\Command Processor: "C:\Users\Caitlin\AppData\Local\Temp\xrrpxyjsuiwavyhxr.exe" <===== ATTENTION!
S2 GMSIPCI; %systemroot%\system32\rismxdp.dll [x]
c:\windows\system32\rismxdp.dll
S2 savscan; %systemroot%\system32\transarcafsdaemon.dll [x]
%systemroot%\system32\transarcafsdaemon.dll
S2 motmodem; %systemroot%\system32\twdns.dll [x]
%systemroot%\system32\twdns.dll
S0 subxk; System32\drivers\oojbued.sys [x]
C:\windows\System32\drivers\oojbued.sys
S0 vvar; System32\drivers\gqertes.sys [x]
C:\windows\System32\drivers\gqertes.sys
NETSVC: motmodem -> C:\Windows\system32\twdns.dll ==> No File.
NETSVC: savscan -> C:\Windows\system32\transarcafsdaemon.dll ==> No File.
NETSVC: GMSIPCI -> C:\Windows\system32\rismxdp.dll ==> No File.
NETSVC: rismxdp -> No Registry Path.
NETSVC: DirectUpdate -> C:\Windows\system32\iksysflt.dll ==> No File.
2013-06-23 15:39 - 2013-06-23 15:39 - 01097627 ____A C:\Users\Caitlin\AppData\Roaming\2433f433
2013-06-23 15:39 - 2013-06-23 15:39 - 01097600 ____A C:\Users\Caitlin\AppData\Local\2433f433
ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-1188298847-2614170819-2347088058-1000\$1275ff5241a28249602b776eb539b742
end

and save it as fixlist.txt onto your flash drive.

Then, boot to system recovery, plug in your flash drive, open FRST and click fix. Post the generated log.

Then boot normally. If successful,

Download Malwarebytes Anti-Rootkit from here to your Desktop
  • Unzip the contents to a folder on your Desktop.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Make sure there is a check next to Create Restore Point and click the Cleanup button to remove any threats. Reboot if prompted to do so.
  • After the reboot, perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If there are threats, click Cleanup once more and reboot.
  • When done, please post the two logs in the MBAR folder (mbar-log.txt and system-log.txt)

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool (For Vista or Windows 7, right-click and select Run as Administrator to start)
  • Click delete
  • Please post the content of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt

Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select Run as Administrator to start
  • Wait until Prescan has finished, then click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click delete and wait until it says deleting finished
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller
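The fixlist above is built from a handful of FRST indicators: a Winlogon Shell value that is not explorer.exe, a Command Processor AutoRun value, a Run entry launching from the user's Temp folder, services whose binary is missing, netsvcs entries with no file behind them, and a ZeroAccess-style folder under $Recycle.Bin. The following script is an added example, not part of Fiery's post and not part of the FRST tool: it reads lines in FRST's output format and flags those same indicators, so a helper can triage a log before writing a fixlist. The sample lines are constructed from the FRST output quoted in this thread (plus one benign Run entry as a control), and the rule names are the example's own.

```python
"""Triage an FRST-style log for the persistence indicators named in the fixlist.

Added example; not FRST's own code. It flags:
  - a Run entry whose executable lives under \\AppData\\Local\\Temp\\
  - a Winlogon [Shell] value that is not explorer.exe
  - any Command Processor AutoRun value (cmd.exe runs it on every start)
  - S0..S4 services whose binary is missing ("[x]")
  - netsvcs entries reported as "No File"
  - a $Recycle.Bin\\<SID>\\$<32 hex> folder (the ZeroAccess layout FRST reports)
"""
import re
from typing import Dict, List

# Constructed sample in FRST's line format, drawn from the indicators quoted in
# the thread, with one legitimate Run entry (msseces.exe) as a negative control.
SAMPLE_LOG = r"""
HKU\Caitlin\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] C:\Users\Caitlin\AppData\Local\Temp\xrrpxyjsuiwavyhxr.exe [ 2013-06-23] (NVIDIA Corporation)
HKU\Caitlin\...\Winlogon: [Shell] cmd.exe [ 2008-01-20] (Microsoft Corporation) <==== ATTENTION
HKU\Caitlin\...\Command Processor: "C:\Users\Caitlin\AppData\Local\Temp\xrrpxyjsuiwavyhxr.exe" <===== ATTENTION!
S2 GMSIPCI; %systemroot%\system32\rismxdp.dll [x]
S0 subxk; System32\drivers\oojbued.sys [x]
NETSVC: motmodem -> C:\Windows\system32\twdns.dll ==> No File.
C:\$Recycle.Bin\S-1-5-21-1188298847-2614170819-2347088058-1000\$1275ff5241a28249602b776eb539b742
HKLM\...\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe [2012-03-26] (Microsoft Corporation)
"""

RUN_RE = re.compile(r"\\Run: \[[^\]]+\] (.+?\.exe)", re.IGNORECASE)
SHELL_RE = re.compile(r"\\Winlogon: \[Shell\] (\S+)", re.IGNORECASE)
CMDPROC_RE = re.compile(r"\\Command Processor: (.+?)(?: <=+ ATTENTION!?)?$")
SERVICE_RE = re.compile(r"^S[0-4] (\S+); (.+?) \[x\]$")
NETSVC_RE = re.compile(r"^NETSVC: (\S+) -> (.+?) ==> No File\.$")
# Recycle-bin folder named after a user SID containing a $<32 hex chars> child.
ZA_RE = re.compile(r"\\\$Recycle\.Bin\\S-1-5-21-[\d-]+\\\$[0-9a-f]{32}$", re.IGNORECASE)


def triage(log_text: str) -> List[Dict[str, str]]:
    """Return one finding per matching line: {"rule", "detail", "line"}."""
    findings: List[Dict[str, str]] = []

    def flag(rule: str, detail: str, line: str) -> None:
        findings.append({"rule": rule, "detail": detail, "line": line})

    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        m = RUN_RE.search(line)
        if m and "\\appdata\\local\\temp\\" in m.group(1).lower():
            flag("run_from_temp", m.group(1), line)

        m = SHELL_RE.search(line)
        if m and m.group(1).lower().rsplit("\\", 1)[-1] != "explorer.exe":
            flag("winlogon_shell", m.group(1), line)

        m = CMDPROC_RE.search(line)
        if m:  # a legitimate system has no Command Processor AutoRun at all
            flag("cmdproc_autorun", m.group(1), line)

        m = SERVICE_RE.match(line)
        if m:
            flag("missing_service_binary", f"{m.group(1)} -> {m.group(2)}", line)

        m = NETSVC_RE.match(line)
        if m:
            flag("netsvc_no_file", f"{m.group(1)} -> {m.group(2)}", line)

        if ZA_RE.search(line):
            flag("zeroaccess_recyclebin", line, line)

    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['rule']:24} {f['detail']}")
```

Each finding carries the original line, so the flagged lines can be pasted straight into a fixlist for review; the script only reports, it never deletes anything itself.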
 

RJude

New Member
Thread author
Verified
Jun 24, 2013
34
Where can I find system recovery? I try going through "repair your computer" but it takes me to the login screen. It does not have my name, just "Other user". Is there anything I can do to get past this? I tried logging in with my name and password but it says "The specified domain does not exist or could not be contacted".

Perhaps I am doing something wrong?
 

Fiery

Level 1
Jan 11, 2011
2,007
Apologies.

Please create the fixlist.txt and save it to your USB. Then boot into OTLPE, start FRST and click fix.
 

RJude

New Member
Thread author
Verified
Jun 24, 2013
34
Here is the fix log:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 24-06-2013
Ran by SYSTEM at 2013-06-25 00:19:56 Run:1
Running from F:\
Boot Mode: Recovery

==============================================

HKU\Caitlin\Software\Microsoft\Windows\CurrentVersion\Run\\qcgce2mrvjq91kk1e7pnbb19m52fx => Value deleted successfully.
C:\Users\Caitlin\AppData\Local\Temp\xrrpxyjsuiwavyhxr.exe => Moved successfully.
HKU\Caitlin\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
HKU\Caitlin\Software\Microsoft\Command Processor\\AutoRun => Value deleted successfully.
GMSIPCI => Service deleted successfully.
c:\windows\system32\rismxdp.dll => File/Directory not found.
savscan => Service deleted successfully.
motmodem => Service deleted successfully.
subxk => Service deleted successfully.
C:\windows\System32\drivers\oojbued.sys => File/Directory not found.
vvar => Service deleted successfully.
C:\windows\System32\drivers\gqertes.sys => File/Directory not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs motmodem => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs savscan => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs GMSIPCI => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs rismxdp => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs DirectUpdate => Value deleted successfully.
C:\Users\Caitlin\AppData\Roaming\2433f433 => Moved successfully.
C:\Users\Caitlin\AppData\Local\2433f433 => Moved successfully.
C:\$Recycle.Bin\S-1-5-21-1188298847-2614170819-2347088058-1000\$1275ff5241a28249602b776eb539b742 => Moved successfully.

==== End of Fixlog ====




Should I move on to the next steps?
 

RJude

New Member
Thread author
Verified
Jun 24, 2013
34
Where should I start? I attempted to go through the repair my computer again, but it took me back/wouldn't let me log in. I tried to boot normally, but the virus block came up again.
 

Fiery

Level 1
Jan 11, 2011
2,007
Ok, follow the instructions below. I have to go off now as I have work tomorrow. I will be back tomorrow to help you :)

Go back into OTLPE, double click the OTLPE icon.

  • Select the Windows folder of the infected drive if it asks for a location.
  • When asked Do you wish to load the remote registry, select Yes.
  • When asked Do you wish to load remote user profile(s) for scanning, select Yes.
  • Ensure the box Automatically Load All Remaining Users is checked and press OK.
  • OTL should now start
  • Check the boxes beside LOP Check and Purity Check
  • Press the Run Scan button
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to a USB drive if you do not have internet connection on the system.
  • Please attach the content of OTL.txt in your next reply.
 

RJude

New Member
Thread author
Verified
Jun 24, 2013
34
Thank you so much for all of your help today! I truly appreciate it. I only wish that I had done this yesterday rather than waiting. I will go do what you posted and add the text. Thank you again!
 

RJude

New Member
Thread author
Verified
Jun 24, 2013
34
OTL logfile created on: 6/25/2013 2:02:31 AM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 89.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 218.20 Gb Total Space | 54.07 Gb Free Space | 24.78% Space Free | Partition Type: NTFS
Drive E: | 14.65 Gb Total Space | 5.23 Gb Free Space | 35.69% Space Free | Partition Type: NTFS
Drive F: | 7.25 Gb Total Space | 7.23 Gb Free Space | 99.80% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet002

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto] -- -- (HitmanPro36CrusaderBoot) HitmanPro 3.6 Crusader (Boot)
SRV - File not found [Auto] -- -- (DirectUpdate)
SRV - [2013/06/23 18:10:57 | 000,106,280 | ---- | M] (SurfRight B.V.) [Auto] -- C:\Program Files\HitmanPro\hmpsched.exe -- (HitmanProScheduler)
SRV - [2012/07/27 16:09:11 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/26 18:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2011/11/10 12:33:08 | 000,605,512 | ---- | M] (WinZip Computing, S.L. (WinZip Computing)) [Auto] -- C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe -- (WINZIPSSDiskOptimizer)
SRV - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/07/07 20:31:08 | 000,195,336 | ---- | M] (Microsoft Corporation.) [On_Demand] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/06/15 18:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2010/03/04 13:28:08 | 000,658,656 | ---- | M] (SoftThinks) [Disabled] -- C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
SRV - [2009/06/29 00:23:13 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [Disabled] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2009/04/13 10:48:12 | 000,828,656 | ---- | M] (Dell Inc.) [Disabled] -- C:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe -- (hnmsvc)
SRV - [2009/03/31 11:00:18 | 000,254,042 | ---- | M] (IDT, Inc.) [Disabled] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\stacsv.exe -- (STacSV)
SRV - [2009/03/31 11:00:04 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Disabled] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\AEstSrv.exe -- (AESTFilters)
SRV - [2009/03/25 11:44:02 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Disabled] -- C:\Program Files\Dell\DellComms\bin\sprtsvc.exe -- (sprtsvc_DellComms) SupportSoft Sprocket Service (DellComms)
SRV - [2009/01/30 01:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Disabled] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2008/12/18 14:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Disabled] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/05/07 18:41:14 | 000,354,840 | ---- | M] (Intel Corporation) [Disabled] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2006/09/14 08:56:06 | 000,102,400 | ---- | M] () [Disabled] -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor5.0)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Boot] -- -- (TfSysMon)
DRV - File not found [Kernel | On_Demand] -- -- (TfNetMon)
DRV - File not found [Kernel | Boot] -- -- (TfFsMon)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] -- -- (IpInIp)
DRV - File not found [Kernel | On_Demand] -- -- (catchme)
DRV - File not found [Kernel | System] -- -- (A2DDA)
DRV - [2012/03/20 21:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/04/10 23:45:26 | 000,113,664 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST) RMCAST (Pgm)
DRV - [2009/03/31 11:00:26 | 000,398,336 | ---- | M] (IDT, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009/03/31 10:18:30 | 000,192,048 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2009/03/25 12:06:30 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/03/25 12:06:28 | 000,214,024 | ---- | M] (McAfee, Inc.) [Kernel | System] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/03/25 12:06:28 | 000,079,880 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/03/25 12:06:28 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/03/25 12:05:54 | 000,034,216 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2008/12/21 14:32:18 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2008/11/04 19:16:40 | 000,022,904 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand] -- C:\Program Files\Dell Support Center\HWDiag\bin\pcd5srvc.pkms -- (PCD5SRVC{3F6A8B78-EC003E00-05040104})
DRV - [2008/06/17 13:01:06 | 000,022,016 | ---- | M] (SingleClick Systems) [Kernel | Auto] -- C:\Windows\System32\drivers\packet.sys -- (Packet)
DRV - [2008/01/20 22:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2006/11/02 03:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\Caitlin_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=1
IE - HKU\Caitlin_ON_C\Software\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = FF 0C D2 01 7D 12 84 4B 96 FC F6 91 26 D8 F8 72 [binary data]
IE - HKU\Caitlin_ON_C\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - Reg Error: Key error. File not found
IE - HKU\Caitlin_ON_C\..\URLSearchHook: {81fae9c9-cfbd-4cb3-8322-412e72f55f65} - Reg Error: Key error. File not found
IE - HKU\Caitlin_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Caitlin_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

IE - HKU\LocalService_ON_C\Software\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = FF 0C D2 01 7D 12 84 4B 96 FC F6 91 26 D8 F8 72 [binary data]

IE - HKU\NetworkService_ON_C\Software\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = FF 0C D2 01 7D 12 84 4B 96 FC F6 91 26 D8 F8 72 [binary data]


========== FireFox ==========

FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 61677
FF - prefs.js..network.proxy.no_proxies_on: "localho,t,127.0.0.1,*.local"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\System32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)


[2009/07/23 21:23:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Caitlin\AppData\Roaming\Mozilla\Extensions
[2009/07/23 21:23:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Caitlin\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2012/07/23 00:30:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Caitlin\AppData\Roaming\Mozilla\Firefox\Profiles\zh23lfrc.default\extensions
[2012/02/18 00:26:35 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\Caitlin\AppData\Roaming\Mozilla\Firefox\Profiles\zh23lfrc.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
[2012/06/28 22:16:25 | 000,000,000 | ---D | M] (OneClickDownloader) -- C:\Users\Caitlin\AppData\Roaming\Mozilla\Firefox\Profiles\zh23lfrc.default\extensions\OneClickDownload@OneClickDownload.com
[2012/07/23 00:30:32 | 000,000,000 | ---D | M] (ASPCA App By We-Care.com) -- C:\Users\Caitlin\AppData\Roaming\Mozilla\Firefox\Profiles\zh23lfrc.default\extensions\wecarereminder@bryan
[2011/10/12 15:28:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2011/09/29 02:53:40 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/09/28 20:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

Hosts file not found
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (WeCareReminder Class) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - File not found
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\Caitlin_ON_C\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\Caitlin_ON_C\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKU\Caitlin_ON_C\..\Toolbar\WebBrowser: (no name) - {687578B9-7132-4A7A-80E4-30EE31099E03} - No CLSID value found.
O3 - HKU\Caitlin_ON_C\..\Toolbar\WebBrowser: (no name) - {81FAE9C9-CFBD-4CB3-8322-412E72F55F65} - No CLSID value found.
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKU\Caitlin_ON_C..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKLM..\RunOnce: [*WerKernelReporting] C:\Windows\System32\WerFault.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [STToasterLauncher] C:\Program Files\Dell DataSafe Local Backup\ToasterLauncher.exe ()
O4 - Startup: C:\Users\Caitlin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Caitlin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\Caitlin_ON_C\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\Caitlin_ON_C\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\Caitlin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\systemprofile_ON_C\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\systemprofile_ON_C\Software\Policies\Microsoft\Internet Explorer\Recovery present
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {B3E32D88-8E7F-468F-B0E2-3A300FD4A82C} http://myitlab.pearsoned.com/Pegasus/Modules/SIMIntegration/Resources/ax/stub.cab (Enlite 2.x Simulation Engine Installer)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 10.9.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 97.64.168.12 97.64.183.165 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2013/06/24 19:59:04 | 000,000,000 | ---D | C] -- C:\FRST
[2013/06/23 15:35:50 | 000,000,000 | ---D | C] -- C:\Users\Caitlin\AppData\Local\{FB9CC6D4-6A56-4FFE-8AE3-563E991FC57D}
[2013/06/23 00:36:15 | 000,000,000 | ---D | C] -- C:\Users\Caitlin\AppData\Local\{FE7A3477-0B54-469F-9955-16245DD8524B}
[2013/06/22 11:32:29 | 000,000,000 | ---D | C] -- C:\Users\Caitlin\AppData\Local\{D5F7F2DC-B67C-4C08-A564-CCB078797226}
[2013/06/21 11:03:05 | 000,000,000 | ---D | C] -- C:\Users\Caitlin\AppData\Local\{A6B1C668-A0E5-4AD5-B0BB-C896B3446F28}
[2013/06/20 11:37:37 | 000,000,000 | ---D | C] -- C:\Users\Caitlin\AppData\Local\{E66D9967-8E5B-4681-BCBC-49C36A764BBB}
[2013/06/19 11:09:25 | 000,000,000 | ---D | C] -- C:\Users\Caitlin\AppData\Local\{1459652D-89D5-45D1-B060-261D3FFFF53C}
[2013/06/18 23:08:38 | 000,000,000 | ---D | C] -- C:\Users\Caitlin\AppData\Local\{0DC30A43-E0B0-4249-B913-C67F10736E93}
[2013/06/17 14:21:17 | 000,000,000 | ---D | C] -- C:\Users\Caitlin\AppData\Local\{F6514760-505B-40E0-9775-32BAB28BDC89}
[2013/06/16 16:54:56 | 000,000,000 | ---D | C] -- C:\Users\Caitlin\AppData\Local\{126C9442-62A1-47CE-AE40-6AFA1D7B51AE}
[2013/06/15 18:50:13 | 000,000,000 | ---D | C] -- C:\Users\Caitlin\AppData\Local\{158C0930-0F6B-4A73-A443-840840230FF5}
[2013/06/14 13:22:22 | 000,000,000 | ---D | C] -- C:\Users\Caitlin\AppData\Local\{27579C40-B4EE-4C77-9E58-870695617695}
[2013/06/14 13:21:18 | 000,000,000 | ---D | C] -- C:\Users\Caitlin\Desktop\Safety Pics
[2013/06/12 18:46:19 | 000,000,000 | ---D | C] -- C:\Users\Caitlin\AppData\Local\{D3F275CD-D912-47B8-A849-695BB4EA4CB4}
[2013/06/11 19:36:37 | 000,000,000 | ---D | C] -- C:\Users\Caitlin\AppData\Local\{1EE2E195-1376-4359-B1FE-AF56A691BE2A}
[2013/06/10 22:06:43 | 000,000,000 | ---D | C] -- C:\Users\Caitlin\AppData\Local\{7CDF8395-B91D-4A16-9C4E-94DF559E2EDE}
[2013/06/09 14:43:20 | 000,000,000 | ---D | C] -- C:\Users\Caitlin\AppData\Local\{0DEE1197-B6A1-40CC-8641-BE4F97ABB78E}
[2013/06/09 00:32:35 | 000,000,000 | ---D | C] -- C:\Users\Caitlin\AppData\Local\{1BC67F5D-DCA0-454A-9D0B-482A49A4BD04}
[2013/06/08 12:31:50 | 000,000,000 | ---D | C] -- C:\Users\Caitlin\AppData\Local\{5D26E18D-AD13-45BB-ACE1-D935E4548259}
[2013/06/08 00:14:48 | 000,000,000 | ---D | C] -- C:\Users\Caitlin\AppData\Local\{0F4970B7-9E4F-43DA-BE4C-B0DE882F8F96}
[2013/06/07 12:13:53 | 000,000,000 | ---D | C] -- C:\Users\Caitlin\AppData\Local\{C5FC9EA3-7673-4A64-9788-B572915B3BE4}
[2013/06/06 21:57:07 | 000,000,000 | ---D | C] -- C:\Users\Caitlin\AppData\Local\{4DCDC46B-BB6F-4BEE-8984-CE816DD8F739}
[2013/06/06 09:56:41 | 000,000,000 | ---D | C] -- C:\Users\Caitlin\AppData\Local\{BBA9CA9D-C306-4890-A26E-4201795EB3F9}
[2013/06/05 09:45:18 | 000,000,000 | ---D | C] -- C:\Users\Caitlin\AppData\Local\{407BD67D-FAAA-458F-914A-3E114A4A87B2}
[2013/06/04 10:02:51 | 000,000,000 | ---D | C] -- C:\Users\Caitlin\AppData\Local\{06B93890-E623-411A-ADCF-7D82859CB908}
[2013/06/03 21:55:02 | 000,000,000 | ---D | C] -- C:\Users\Caitlin\AppData\Local\{BB85A3C0-2CAB-4EED-ACA1-E854D64098F1}
[2013/06/03 09:54:22 | 000,000,000 | ---D | C] -- C:\Users\Caitlin\AppData\Local\{E97467EB-9AFC-4357-A322-B96586F63DD3}
[2013/06/02 21:17:19 | 000,000,000 | -HSD | C] -- C:\found.002
[2013/06/02 12:42:56 | 000,000,000 | ---D | C] -- C:\Users\Caitlin\AppData\Local\{ED2F81C7-2E67-4741-9F4D-31BCEC1DF164}
[2013/06/01 11:57:15 | 000,000,000 | ---D | C] -- C:\Users\Caitlin\AppData\Local\{E5D87E93-B0D2-4986-B5FC-A0BE553F4EAF}
[2013/05/31 22:00:58 | 000,000,000 | ---D | C] -- C:\Users\Caitlin\AppData\Local\{7A2B4651-4898-41EC-A4A8-6DE3C93801C9}
[2013/05/31 10:00:17 | 000,000,000 | ---D | C] -- C:\Users\Caitlin\AppData\Local\{7A7A0C55-4EBB-429C-AC72-4660A99157B1}
[2013/05/30 15:08:28 | 000,000,000 | ---D | C] -- C:\Users\Caitlin\AppData\Local\{59E0D749-12F5-43F7-B11F-17083D2C3D8C}
[2013/05/30 09:49:14 | 000,000,000 | ---D | C] -- C:\Users\Caitlin\AppData\Local\{EB5ABCFE-A76A-4DE4-A29D-02BD3762EC97}
[2013/05/29 14:27:41 | 000,000,000 | ---D | C] -- C:\Users\Caitlin\AppData\Local\{87C10CDF-B7B9-46B4-9DE3-4EA051E70805}
[2013/05/29 13:21:50 | 000,000,000 | ---D | C] -- C:\Users\Caitlin\AppData\Local\{61E9C591-63B6-4D54-94A2-A8AE9F052841}
[2013/05/29 09:53:58 | 000,000,000 | ---D | C] -- C:\Users\Caitlin\AppData\Local\{69C56121-BFC5-4D66-A27A-06E05D623702}
[2013/05/28 23:26:53 | 000,000,000 | ---D | C] -- C:\Users\Caitlin\AppData\Local\{31571B64-6944-401A-A49E-F60E0A5A9631}
[2013/05/28 19:48:06 | 000,000,000 | ---D | C] -- C:\Users\Caitlin\AppData\Local\{90623B4B-FAB7-4E98-93F4-133C22646F3D}
[2013/05/28 17:05:50 | 000,000,000 | ---D | C] -- C:\Users\Caitlin\AppData\Local\{1BC6A980-562C-43C8-8483-7A1D2526BB9F}
[2013/05/28 16:32:14 | 000,000,000 | ---D | C] -- C:\Users\Caitlin\AppData\Local\{EE7D7AA3-B6F7-4BD9-AF66-37483DFC0D7E}
[2013/05/28 10:12:50 | 000,000,000 | ---D | C] -- C:\Users\Caitlin\AppData\Local\{84F5DABE-EE6A-4D9E-9E25-A2A288F434F0}
[2013/05/27 15:19:14 | 000,000,000 | ---D | C] -- C:\Users\Caitlin\AppData\Local\{3F0DFEAC-AB67-46DE-A5F5-0007C5112C4E}
[2013/05/26 17:03:29 | 000,000,000 | ---D | C] -- C:\Users\Caitlin\AppData\Local\{2C3ECAC2-E949-42BF-9085-9340D055FF4D}
[2012/07/12 04:28:44 | 002,174,976 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Program Files\Common Files\atimpenc.dll
[3 C:\Users\Caitlin\Documents\*.tmp files -> C:\Users\Caitlin\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/06/25 01:49:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/06/25 01:47:49 | 000,003,744 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/25 01:47:49 | 000,003,744 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/25 01:47:44 | 3181,760,512 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/23 23:18:32 | 187,263,387 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/06/23 18:08:14 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
[2013/06/23 16:15:29 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/23 15:39:56 | 001,097,648 | ---- | M] () -- C:\ProgramData\2433f433
[2013/06/23 12:35:40 | 000,104,448 | ---- | M] () -- C:\Users\Caitlin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/06/23 12:13:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/23 12:09:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/06/22 17:44:42 | 117,974,633 | ---- | M] () -- C:\Users\Caitlin\Documents\Always Forever.wmv
[2013/06/22 12:22:27 | 140,777,201 | ---- | M] () -- C:\Users\Caitlin\Desktop\Ryan, Do roses know their thorns can hurt.wmv
[2013/06/16 18:47:21 | 000,607,180 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/06/16 18:47:21 | 000,105,934 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/06/16 17:17:46 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2013/06/16 00:24:38 | 000,136,711 | ---- | M] () -- C:\Users\Caitlin\Desktop\FathersDay.jpg
[2013/06/14 01:33:28 | 205,655,593 | ---- | M] () -- C:\Users\Caitlin\Documents\SafetyCamp2013.wmv
[2013/06/13 20:08:57 | 000,013,376 | ---- | M] () -- C:\Users\Caitlin\Desktop\xLifeincolorings 5.veg
[2013/06/09 19:48:46 | 098,398,573 | ---- | M] () -- C:\Users\Caitlin\Documents\ForeverYoung.wmv
[2013/06/09 16:34:01 | 000,023,368 | ---- | M] () -- C:\Users\Caitlin\Desktop\JColouring.veg
[2013/06/09 16:07:43 | 000,017,640 | ---- | M] () -- C:\Users\Caitlin\Desktop\sony vegas coloring 009.veg
[2013/06/09 16:06:41 | 000,018,904 | ---- | M] () -- C:\Users\Caitlin\Desktop\TheDarlingTutorials_2.veg
[2013/06/09 16:04:40 | 000,014,768 | ---- | M] () -- C:\Users\Caitlin\Desktop\xlifeincolorings7.veg
[2013/06/08 16:54:06 | 000,019,152 | ---- | M] () -- C:\Users\Caitlin\Documents\Horserider9802 sony vegas coloring.veg
[2013/05/31 15:32:20 | 022,349,661 | ---- | M] () -- C:\Users\Caitlin\Documents\LastPageant.wmv
[2013/05/29 15:27:13 | 123,366,633 | ---- | M] () -- C:\Users\Caitlin\Documents\Ashes Like Snow.wmv
[3 C:\Users\Caitlin\Documents\*.tmp files -> C:\Users\Caitlin\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/06/25 00:12:06 | 3181,760,512 | -HS- | C] () -- C:\hiberfil.sys
[2013/06/23 15:39:56 | 001,097,648 | ---- | C] () -- C:\ProgramData\2433f433
[2013/06/22 16:55:52 | 117,974,633 | ---- | C] () -- C:\Users\Caitlin\Documents\Always Forever.wmv
[2013/06/22 12:19:53 | 140,777,201 | ---- | C] () -- C:\Users\Caitlin\Desktop\Ryan, Do roses know their thorns can hurt.wmv
[2013/06/16 17:17:46 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2013/06/16 00:24:37 | 000,136,711 | ---- | C] () -- C:\Users\Caitlin\Desktop\FathersDay.jpg
[2013/06/14 00:34:15 | 205,655,593 | ---- | C] () -- C:\Users\Caitlin\Documents\SafetyCamp2013.wmv
[2013/06/13 20:09:06 | 000,013,376 | ---- | C] () -- C:\Users\Caitlin\Desktop\xLifeincolorings 5.veg
[2013/06/09 18:29:37 | 098,398,573 | ---- | C] () -- C:\Users\Caitlin\Documents\ForeverYoung.wmv
[2013/06/09 16:34:01 | 000,023,368 | ---- | C] () -- C:\Users\Caitlin\Desktop\JColouring.veg
[2013/06/09 16:08:04 | 000,017,640 | ---- | C] () -- C:\Users\Caitlin\Desktop\sony vegas coloring 009.veg
[2013/06/09 16:06:45 | 000,018,904 | ---- | C] () -- C:\Users\Caitlin\Desktop\TheDarlingTutorials_2.veg
[2013/06/09 16:04:44 | 000,014,768 | ---- | C] () -- C:\Users\Caitlin\Desktop\xlifeincolorings7.veg
[2013/06/08 16:54:20 | 000,019,152 | ---- | C] () -- C:\Users\Caitlin\Documents\Horserider9802 sony vegas coloring.veg
[2013/06/02 22:33:34 | 187,263,387 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013/05/31 15:25:01 | 022,349,661 | ---- | C] () -- C:\Users\Caitlin\Documents\LastPageant.wmv
[2013/05/29 14:31:03 | 123,366,633 | ---- | C] () -- C:\Users\Caitlin\Documents\Ashes Like Snow.wmv
[2012/07/31 01:23:28 | 000,000,064 | ---- | C] () -- C:\ProgramData\-84bi1KGi9E4gk0r
[2012/07/31 01:23:27 | 000,000,064 | ---- | C] () -- C:\ProgramData\-84bi1KGi9E4gk0
[2012/07/31 01:23:22 | 000,000,368 | ---- | C] () -- C:\ProgramData\84bi1KGi9E4gk0
[2012/07/30 17:14:35 | 000,000,064 | ---- | C] () -- C:\ProgramData\-Mc6bjmwTe4AN7or
[2012/07/30 17:14:35 | 000,000,064 | ---- | C] () -- C:\ProgramData\-Mc6bjmwTe4AN7o
[2012/07/30 17:14:30 | 000,000,368 | ---- | C] () -- C:\ProgramData\Mc6bjmwTe4AN7o
[2012/07/24 16:02:15 | 000,000,086 | -HS- | C] () -- C:\Users\Caitlin\AppData\Roaming\winset.ini
[2012/05/29 23:51:48 | 000,000,041 | ---- | C] () -- C:\Users\Caitlin\AppData\Roaming\8432A5.dat
[2012/05/21 22:54:34 | 000,000,152 | ---- | C] () -- C:\ProgramData\-qpBOEq4gwwLCuar
[2012/05/21 22:54:34 | 000,000,000 | ---- | C] () -- C:\ProgramData\-qpBOEq4gwwLCua
[2012/05/21 22:54:27 | 000,000,256 | ---- | C] () -- C:\ProgramData\qpBOEq4gwwLCua
[2012/01/19 22:43:56 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/01/19 22:43:56 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/01/19 22:43:56 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/01/19 22:43:56 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/01/19 22:43:56 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/08/24 11:48:28 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011/06/09 10:42:51 | 000,000,552 | ---- | C] () -- C:\Users\Caitlin\AppData\Local\d3d8caps.dat
[2011/05/22 15:35:14 | 000,000,000 | ---- | C] () -- C:\Users\Caitlin\AppData\Local\{6CA91625-A7AB-447B-8738-FE14F5ADF468}
[2011/05/17 21:28:34 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll1134.old
[2011/05/17 21:28:34 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll1112.old
[2011/05/17 20:30:45 | 000,005,558 | -HS- | C] () -- C:\Users\Caitlin\AppData\Local\384f67732t3b5h15xhpfvphk727l5ffm
[2011/05/17 20:30:45 | 000,005,558 | -HS- | C] () -- C:\ProgramData\384f67732t3b5h15xhpfvphk727l5ffm
[2011/05/17 14:10:49 | 000,016,106 | -HS- | C] () -- C:\Users\Caitlin\AppData\Local\c25v536q0haag77cku307l2142ma5s
[2011/05/17 14:10:49 | 000,016,106 | -HS- | C] () -- C:\ProgramData\c25v536q0haag77cku307l2142ma5s
[2011/05/12 16:15:11 | 000,022,806 | -HS- | C] () -- C:\Users\Caitlin\AppData\Local\okegjy65jj25l0i2x
[2011/05/12 16:15:11 | 000,022,806 | -HS- | C] () -- C:\ProgramData\okegjy65jj25l0i2x
[2011/03/14 10:57:33 | 000,134,176 | ---- | C] () -- C:\Users\Caitlin\AppData\Local\ucasiyovupomub.dll
[2011/03/14 01:15:01 | 000,000,517 | ---- | C] () -- C:\Users\Caitlin\AppData\Local\areqaluh.dll
[2011/03/13 22:50:30 | 000,000,517 | ---- | C] () -- C:\Users\Caitlin\AppData\Local\ejesaneyulexaheq.dll
[2011/03/13 20:46:02 | 000,000,517 | ---- | C] () -- C:\Users\Caitlin\AppData\Local\exuyetof.dll
[2011/03/13 17:29:48 | 000,000,517 | ---- | C] () -- C:\Users\Caitlin\AppData\Local\egelonorapule.dll
[2011/03/13 17:12:10 | 000,000,517 | ---- | C] () -- C:\Users\Caitlin\AppData\Local\amebugid.dll
[2011/02/02 17:57:38 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/02/02 17:57:38 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/11/11 23:19:43 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/11/11 23:18:05 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/06/30 22:59:00 | 000,000,146 | ---- | C] () -- C:\Windows\WININIT.INI
[2010/05/08 21:23:37 | 000,006,756 | ---- | C] () -- C:\Users\Caitlin\AppData\Local\d3d9caps.dat
[2010/04/07 20:18:45 | 000,018,930 | -HS- | C] () -- C:\Users\Caitlin\AppData\Local\P21b0S80R
[2010/04/07 20:18:45 | 000,018,930 | -HS- | C] () -- C:\ProgramData\P21b0S80R
[2010/04/01 23:40:28 | 000,017,812 | -HS- | C] () -- C:\Users\Caitlin\AppData\Local\8Cq4r
[2010/04/01 23:40:28 | 000,017,812 | -HS- | C] () -- C:\ProgramData\8Cq4r
[2009/09/14 16:53:13 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/08/03 17:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 17:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/15 14:47:03 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2009/07/15 14:42:18 | 000,104,448 | ---- | C] () -- C:\Users\Caitlin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/29 02:50:17 | 000,982,196 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2009/06/29 02:50:17 | 000,417,344 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2009/06/29 02:50:17 | 000,139,824 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2009/06/29 02:50:17 | 000,097,448 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2009/06/29 00:12:03 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2009/06/29 00:12:02 | 000,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2009/06/29 00:12:02 | 000,026,112 | ---- | C] () -- C:\Windows\System32\WLTRYSVC.EXE
[2009/06/29 00:03:12 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2009/04/11 14:02:01 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/04/11 12:07:30 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,372,072 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,607,180 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,105,934 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2004/10/26 18:39:05 | 003,375,104 | ---- | C] () -- C:\Windows\System32\qt-mt331.dll

========== LOP Check ==========

[2012/07/17 20:43:45 | 000,000,000 | ---D | M] -- C:\Users\Caitlin\AppData\Roaming\Apdyd
[2012/07/17 20:43:45 | 000,000,000 | ---D | M] -- C:\Users\Caitlin\AppData\Roaming\Biqyr
[2012/07/17 20:43:45 | 000,000,000 | ---D | M] -- C:\Users\Caitlin\AppData\Roaming\Buzyv
[2012/06/04 15:28:36 | 000,000,000 | ---D | M] -- C:\Users\Caitlin\AppData\Roaming\Byel
[2012/07/04 21:22:58 | 000,000,000 | ---D | M] -- C:\Users\Caitlin\AppData\Roaming\Cuzy
[2012/06/04 19:33:04 | 000,000,000 | ---D | M] -- C:\Users\Caitlin\AppData\Roaming\Deuq
[2011/09/04 17:00:52 | 000,000,000 | ---D | M] -- C:\Users\Caitlin\AppData\Roaming\Dropbox
[2012/07/23 22:00:56 | 000,000,000 | ---D | M] -- C:\Users\Caitlin\AppData\Roaming\Edvyv
[2012/07/19 23:14:26 | 000,000,000 | ---D | M] -- C:\Users\Caitlin\AppData\Roaming\Feul
[2010/06/23 18:53:26 | 000,000,000 | ---D | M] -- C:\Users\Caitlin\AppData\Roaming\FFAcr8kiMhJxtHYHNe
[2012/07/17 16:55:28 | 000,000,000 | ---D | M] -- C:\Users\Caitlin\AppData\Roaming\Foseaq
[2012/07/17 17:32:09 | 000,000,000 | ---D | M] -- C:\Users\Caitlin\AppData\Roaming\Funu
[2011/01/27 22:55:56 | 000,000,000 | ---D | M] -- C:\Users\Caitlin\AppData\Roaming\GetRightToGo
[2012/07/17 20:43:45 | 000,000,000 | ---D | M] -- C:\Users\Caitlin\AppData\Roaming\Icvan
[2012/07/17 20:43:45 | 000,000,000 | ---D | M] -- C:\Users\Caitlin\AppData\Roaming\Iczer
[2012/07/12 21:38:30 | 000,000,000 | ---D | M] -- C:\Users\Caitlin\AppData\Roaming\Laby
[2012/07/14 15:47:10 | 000,000,000 | ---D | M] -- C:\Users\Caitlin\AppData\Roaming\Lodiiw
[2012/07/23 12:24:41 | 000,000,000 | ---D | M] -- C:\Users\Caitlin\AppData\Roaming\Loum
[2012/07/13 16:59:37 | 000,000,000 | ---D | M] -- C:\Users\Caitlin\AppData\Roaming\Nedam
[2012/07/11 22:11:10 | 000,000,000 | ---D | M] -- C:\Users\Caitlin\AppData\Roaming\Ohsi
[2012/07/23 00:29:59 | 000,000,000 | ---D | M] -- C:\Users\Caitlin\AppData\Roaming\OpenCandy
[2009/08/17 21:57:49 | 000,000,000 | ---D | M] -- C:\Users\Caitlin\AppData\Roaming\Opera
[2012/07/14 22:31:33 | 000,000,000 | ---D | M] -- C:\Users\Caitlin\AppData\Roaming\Otnyde
[2012/07/31 20:11:17 | 000,000,000 | ---D | M] -- C:\Users\Caitlin\AppData\Roaming\PCDr
[2012/07/17 20:43:45 | 000,000,000 | ---D | M] -- C:\Users\Caitlin\AppData\Roaming\Peik
[2012/07/17 20:22:04 | 000,000,000 | ---D | M] -- C:\Users\Caitlin\AppData\Roaming\Peqube
[2009/07/15 14:38:20 | 000,000,000 | ---D | M] -- C:\Users\Caitlin\AppData\Roaming\Publish Providers
[2012/07/13 20:35:22 | 000,000,000 | ---D | M] -- C:\Users\Caitlin\AppData\Roaming\Puoxyv
[2012/07/11 22:11:11 | 000,000,000 | ---D | M] -- C:\Users\Caitlin\AppData\Roaming\Puuxuf
[2012/07/14 15:42:52 | 000,000,000 | ---D | M] -- C:\Users\Caitlin\AppData\Roaming\Qycy
[2012/06/05 17:41:27 | 000,000,000 | ---D | M] -- C:\Users\Caitlin\AppData\Roaming\Raogyf
[2012/07/23 12:34:57 | 000,000,000 | ---D | M] -- C:\Users\Caitlin\AppData\Roaming\Roaming
[2012/07/17 20:44:02 | 000,000,000 | ---D | M] -- C:\Users\Caitlin\AppData\Roaming\Sodey
[2011/12/05 23:31:43 | 000,000,000 | ---D | M] -- C:\Users\Caitlin\AppData\Roaming\Sony
[2011/03/07 20:42:22 | 000,000,000 | ---D | M] -- C:\Users\Caitlin\AppData\Roaming\Sony Creative Software Inc
[2012/07/24 18:02:47 | 000,000,000 | ---D | M] -- C:\Users\Caitlin\AppData\Roaming\Suwy
[2012/06/06 23:46:40 | 000,000,000 | ---D | M] -- C:\Users\Caitlin\AppData\Roaming\Suykb
[2012/06/25 19:35:55 | 000,000,000 | ---D | M] -- C:\Users\Caitlin\AppData\Roaming\TeamViewer
[2011/11/05 12:45:07 | 000,000,000 | ---D | M] -- C:\Users\Caitlin\AppData\Roaming\TestApp
[2012/07/14 22:31:33 | 000,000,000 | ---D | M] -- C:\Users\Caitlin\AppData\Roaming\Tytym
[2012/07/28 16:09:31 | 000,000,000 | ---D | M] -- C:\Users\Caitlin\AppData\Roaming\uTorrent
[2012/07/16 19:22:04 | 000,000,000 | ---D | M] -- C:\Users\Caitlin\AppData\Roaming\Uxiwd
[2012/06/04 17:11:46 | 000,000,000 | ---D | M] -- C:\Users\Caitlin\AppData\Roaming\WinZip
[2012/06/04 19:43:11 | 000,000,000 | ---D | M] -- C:\Users\Caitlin\AppData\Roaming\Woir
[2012/07/13 17:43:47 | 000,000,000 | ---D | M] -- C:\Users\Caitlin\AppData\Roaming\Xelin
[2012/09/11 09:33:22 | 000,000,000 | ---D | M] -- C:\Users\Caitlin\AppData\Roaming\Xilisoft
[2012/07/13 20:35:22 | 000,000,000 | ---D | M] -- C:\Users\Caitlin\AppData\Roaming\Ybgi
[2012/07/17 20:43:45 | 000,000,000 | ---D | M] -- C:\Users\Caitlin\AppData\Roaming\Ymhi
[2012/07/12 21:38:30 | 000,000,000 | ---D | M] -- C:\Users\Caitlin\AppData\Roaming\Ynwave
[2012/07/10 20:20:30 | 000,000,000 | ---D | M] -- C:\Users\Caitlin\AppData\Roaming\Yrpu
[2012/06/05 17:41:27 | 000,000,000 | ---D | M] -- C:\Users\Caitlin\AppData\Roaming\Zipoac
[2012/07/28 15:19:44 | 000,000,000 | ---D | M] -- C:\ProgramData\036DFF851697F7E4C9B746B42F3B707C
[2013/03/04 23:57:16 | 000,000,000 | ---D | M] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2010/07/01 18:19:16 | 000,000,000 | ---D | M] -- C:\ProgramData\Alwil Software
[2009/07/15 14:00:21 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2011/05/17 21:06:57 | 000,000,000 | ---D | M] -- C:\ProgramData\Common Files
[2009/07/15 14:00:21 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2009/07/15 14:00:21 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2011/10/11 20:43:23 | 000,000,000 | ---D | M] -- C:\ProgramData\ErrorEND
[2011/06/11 15:32:37 | 000,000,000 | ---D | M] -- C:\ProgramData\eSellerate
[2009/07/15 14:00:21 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2012/07/23 16:35:30 | 000,000,000 | ---D | M] -- C:\ProgramData\Freemake
[2013/06/23 18:08:14 | 000,000,000 | ---D | M] -- C:\ProgramData\HitmanPro
[2011/05/17 21:06:57 | 000,000,000 | ---D | M] -- C:\ProgramData\MFAData
[2009/06/29 00:28:50 | 000,000,000 | ---D | M] -- C:\ProgramData\PC-Doctor
[2012/07/31 20:12:29 | 000,000,000 | ---D | M] -- C:\ProgramData\PCDr
[2011/01/24 17:45:18 | 000,000,000 | ---D | M] -- C:\ProgramData\Sony
[2009/07/15 14:00:21 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2011/05/18 00:37:14 | 000,000,000 | ---D | M] -- C:\ProgramData\STOPzilla!
[2009/06/29 00:28:52 | 000,000,000 | ---D | M] -- C:\ProgramData\SupportSoft
[2012/01/19 22:21:20 | 000,000,000 | ---D | M] -- C:\ProgramData\TEMP
[2009/07/15 14:00:21 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2009/06/29 00:23:05 | 000,000,000 | ---D | M] -- C:\ProgramData\Uninstall
[2012/07/23 00:30:32 | 000,000,000 | ---D | M] -- C:\ProgramData\WeCareReminder
[2010/09/21 20:57:44 | 000,000,000 | ---D | M] -- C:\ProgramData\WindowsSearch
[2012/09/11 09:32:45 | 000,000,000 | ---D | M] -- C:\ProgramData\Xilisoft
[2011/07/23 17:59:14 | 000,000,000 | ---D | M] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/06/25 13:14:13 | 000,000,084 | ---- | M] () -- C:\Windows\Tasks\ID.Conf
[2013/06/23 16:11:56 | 000,032,548 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:5D432CE3
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:888AFB86
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2
< End of report >
 

Fiery

Level 1
Jan 11, 2011
2,007
Hi,

Your PC is severely infected. I would recommend that you change your personal and banking information if you used this PC to access your bank account.

Go into OTLPE and start OTLPE. Under custom scan/fixes, copy and paste the following:

:OTL
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 61677
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - File not found
[2013/06/23 15:39:56 | 001,097,648 | ---- | M] () -- C:\ProgramData\2433f433
[2012/07/31 01:23:28 | 000,000,064 | ---- | C] () -- C:\ProgramData\-84bi1KGi9E4gk0r
[2012/07/31 01:23:27 | 000,000,064 | ---- | C] () -- C:\ProgramData\-84bi1KGi9E4gk0
[2012/07/31 01:23:22 | 000,000,368 | ---- | C] () -- C:\ProgramData\84bi1KGi9E4gk0
[2012/07/30 17:14:35 | 000,000,064 | ---- | C] () -- C:\ProgramData\-Mc6bjmwTe4AN7or
[2012/07/30 17:14:35 | 000,000,064 | ---- | C] () -- C:\ProgramData\-Mc6bjmwTe4AN7o
[2012/07/30 17:14:30 | 000,000,368 | ---- | C] () -- C:\ProgramData\Mc6bjmwTe4AN7o
[2012/07/24 16:02:15 | 000,000,086 | -HS- | C] () -- C:\Users\Caitlin\AppData\Roaming\winset.ini
[2012/05/29 23:51:48 | 000,000,041 | ---- | C] () -- C:\Users\Caitlin\AppData\Roaming\8432A5.dat
[2012/05/21 22:54:34 | 000,000,152 | ---- | C] () -- C:\ProgramData\-qpBOEq4gwwLCuar
[2012/05/21 22:54:34 | 000,000,000 | ---- | C] () -- C:\ProgramData\-qpBOEq4gwwLCua
[2012/05/21 22:54:27 | 000,000,256 | ---- | C] () -- C:\ProgramData\qpBOEq4gwwLCua
[2011/05/17 20:30:45 | 000,005,558 | -HS- | C] () -- C:\Users\Caitlin\AppData\Local\384f67732t3b5h15xhpfvphk727l5ffm
[2011/05/17 20:30:45 | 000,005,558 | -HS- | C] () -- C:\ProgramData\384f67732t3b5h15xhpfvphk727l5ffm
[2011/05/17 14:10:49 | 000,016,106 | -HS- | C] () -- C:\Users\Caitlin\AppData\Local\c25v536q0haag77cku307l2142ma5s
[2011/05/17 14:10:49 | 000,016,106 | -HS- | C] () -- C:\ProgramData\c25v536q0haag77cku307l2142ma5s
[2011/05/12 16:15:11 | 000,022,806 | -HS- | C] () -- C:\Users\Caitlin\AppData\Local\okegjy65jj25l0i2x
[2011/05/12 16:15:11 | 000,022,806 | -HS- | C] () -- C:\ProgramData\okegjy65jj25l0i2x
[2011/03/14 10:57:33 | 000,134,176 | ---- | C] () -- C:\Users\Caitlin\AppData\Local\ucasiyovupomub.dll
[2011/03/14 01:15:01 | 000,000,517 | ---- | C] () -- C:\Users\Caitlin\AppData\Local\areqaluh.dll
[2011/03/13 22:50:30 | 000,000,517 | ---- | C] () -- C:\Users\Caitlin\AppData\Local\ejesaneyulexaheq.dll
[2011/03/13 20:46:02 | 000,000,517 | ---- | C] () -- C:\Users\Caitlin\AppData\Local\exuyetof.dll
[2011/03/13 17:29:48 | 000,000,517 | ---- | C] () -- C:\Users\Caitlin\AppData\Local\egelonorapule.dll
[2011/03/13 17:12:10 | 000,000,517 | ---- | C] () -- C:\Users\Caitlin\AppData\Local\amebugid.dll
[2010/04/07 20:18:45 | 000,018,930 | -HS- | C] () -- C:\Users\Caitlin\AppData\Local\P21b0S80R
[2010/04/07 20:18:45 | 000,018,930 | -HS- | C] () -- C:\ProgramData\P21b0S80R
[2010/04/01 23:40:28 | 000,017,812 | -HS- | C] () -- C:\Users\Caitlin\AppData\Local\8Cq4r
[2010/04/01 23:40:28 | 000,017,812 | -HS- | C] () -- C:\ProgramData\8Cq4r
[2012/07/17 20:43:45 | 000,000,000 | ---D | M] -- C:\Users\Caitlin\AppData\Roaming\Apdyd
[2012/07/17 20:43:45 | 000,000,000 | ---D | M] -- C:\Users\Caitlin\AppData\Roaming\Biqyr
[2012/07/17 20:43:45 | 000,000,000 | ---D | M] -- C:\Users\Caitlin\AppData\Roaming\Buzyv
[2012/06/04 15:28:36 | 000,000,000 | ---D | M] -- C:\Users\Caitlin\AppData\Roaming\Byel
[2012/07/04 21:22:58 | 000,000,000 | ---D | M] -- C:\Users\Caitlin\AppData\Roaming\Cuzy
[2012/06/04 19:33:04 | 000,000,000 | ---D | M] -- C:\Users\Caitlin\AppData\Roaming\Deuq
[2012/07/23 22:00:56 | 000,000,000 | ---D | M] -- C:\Users\Caitlin\AppData\Roaming\Edvyv
[2012/07/19 23:14:26 | 000,000,000 | ---D | M] -- C:\Users\Caitlin\AppData\Roaming\Feul
[2010/06/23 18:53:26 | 000,000,000 | ---D | M] -- C:\Users\Caitlin\AppData\Roaming\FFAcr8kiMhJxtHYHNe
[2012/07/17 16:55:28 | 000,000,000 | ---D | M] -- C:\Users\Caitlin\AppData\Roaming\Foseaq
[2012/07/17 17:32:09 | 000,000,000 | ---D | M] -- C:\Users\Caitlin\AppData\Roaming\Funu
[2012/07/17 20:43:45 | 000,000,000 | ---D | M] -- C:\Users\Caitlin\AppData\Roaming\Icvan
[2012/07/17 20:43:45 | 000,000,000 | ---D | M] -- C:\Users\Caitlin\AppData\Roaming\Iczer
[2012/07/12 21:38:30 | 000,000,000 | ---D | M] -- C:\Users\Caitlin\AppData\Roaming\Laby
[2012/07/14 15:47:10 | 000,000,000 | ---D | M] -- C:\Users\Caitlin\AppData\Roaming\Lodiiw
[2012/07/23 12:24:41 | 000,000,000 | ---D | M] -- C:\Users\Caitlin\AppData\Roaming\Loum
[2012/07/13 16:59:37 | 000,000,000 | ---D | M] -- C:\Users\Caitlin\AppData\Roaming\Nedam
[2012/07/11 22:11:10 | 000,000,000 | ---D | M] -- C:\Users\Caitlin\AppData\Roaming\Ohsi
[2012/07/17 20:43:45 | 000,000,000 | ---D | M] -- C:\Users\Caitlin\AppData\Roaming\Peik
[2012/07/17 20:22:04 | 000,000,000 | ---D | M] -- C:\Users\Caitlin\AppData\Roaming\Peqube
[2012/07/13 20:35:22 | 000,000,000 | ---D | M] -- C:\Users\Caitlin\AppData\Roaming\Puoxyv
[2012/07/11 22:11:11 | 000,000,000 | ---D | M] -- C:\Users\Caitlin\AppData\Roaming\Puuxuf
[2012/07/14 15:42:52 | 000,000,000 | ---D | M] -- C:\Users\Caitlin\AppData\Roaming\Qycy
[2012/06/05 17:41:27 | 000,000,000 | ---D | M] -- C:\Users\Caitlin\AppData\Roaming\Raogyf
[2012/06/06 23:46:40 | 000,000,000 | ---D | M] -- C:\Users\Caitlin\AppData\Roaming\Suykb
[2012/07/17 20:44:02 | 000,000,000 | ---D | M] -- C:\Users\Caitlin\AppData\Roaming\Sodey
[2012/07/14 22:31:33 | 000,000,000 | ---D | M] -- C:\Users\Caitlin\AppData\Roaming\Tytym
[2012/07/16 19:22:04 | 000,000,000 | ---D | M] -- C:\Users\Caitlin\AppData\Roaming\Uxiwd
[2012/06/04 19:43:11 | 000,000,000 | ---D | M] -- C:\Users\Caitlin\AppData\Roaming\Woir
[2012/07/13 20:35:22 | 000,000,000 | ---D | M] -- C:\Users\Caitlin\AppData\Roaming\Ybgi
[2012/07/17 20:43:45 | 000,000,000 | ---D | M] -- C:\Users\Caitlin\AppData\Roaming\Ymhi
[2012/07/12 21:38:30 | 000,000,000 | ---D | M] -- C:\Users\Caitlin\AppData\Roaming\Ynwave
[2012/07/10 20:20:30 | 000,000,000 | ---D | M] -- C:\Users\Caitlin\AppData\Roaming\Yrpu
[2012/06/05 17:41:27 | 000,000,000 | ---D | M] -- C:\Users\Caitlin\AppData\Roaming\Zipoac
[2012/07/28 15:19:44 | 000,000,000 | ---D | M] -- C:\ProgramData\036DFF851697F7E4C9B746B42F3B707C
[2013/03/04 23:57:16 | 000,000,000 | ---D | M] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1

:Commands
[EMPTYTEMP]
[RESETHOSTS]

Then click Run Fix. A log should generate; copy that log onto your USB and post it here. Let your PC reboot to normal mode by pulling out the CD. If successful, follow the steps I provided above.
 

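An added example, not part of this thread and not OTL's or the helper's own code: a small Python triage script that reads OTL log lines like the ones posted above and flags the patterns the fix script targets. The IE "ProxyEnable" = 1 and Firefox network.proxy.http "127.0.0.1" entries mean both browsers were sending traffic through a proxy on the machine itself, which is consistent with the lost internet access; the hidden+system files with the same random name under both AppData\Local and ProgramData, the sub-kilobyte DLLs with no company name in the user profile, and the alternate data streams on C:\ProgramData\TEMP are the other indicators the fix removes. The sample lines are copied from the log in this thread (plus one benign entry); the 1 KB size threshold and the loopback, paired-drop and tiny-DLL heuristics are the editor's assumptions, not rules from the thread.

```python
"""Triage helper for OTL log lines. Added example for this thread, not the
helper's tool or script; the heuristics below are the editor's assumptions."""
import re
from collections import defaultdict

# One OTL file entry: [date time | size | attrs | C/M] (company) -- path
OTL_FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<op>[CM])\](?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<bytes>\d+) bytes -> (?P<path>.+)$")
IE_PROXY_RE = re.compile(r'"ProxyEnable" = (?P<enabled>\d)')
FF_PROXY_RE = re.compile(r'network\.proxy\.http: "(?P<host>[^"]+)"')
LOOPBACK = {"127.0.0.1", "localhost", "::1"}


def parse_size(text):
    """OTL prints sizes with thousands separators, e.g. 001,097,648."""
    return int(text.replace(",", ""))


def triage(lines):
    """Return {indicator: [evidence, ...]} for the patterns seen in the log above."""
    findings = defaultdict(list)
    drop_roots = defaultdict(set)  # lowercase basename -> roots it was found under
    for line in lines:
        line = line.rstrip()
        m = IE_PROXY_RE.search(line)
        if m and m.group("enabled") == "1":
            findings["proxy_hijack"].append(line)
            continue
        m = FF_PROXY_RE.search(line)
        if m and m.group("host") in LOOPBACK:
            findings["proxy_hijack"].append(line)
            continue
        m = ADS_RE.match(line)
        if m:
            findings["ads"].append(m.group("path"))
            continue
        m = OTL_FILE_RE.match(line)
        if not m:
            continue
        attrs, path = m.group("attrs"), m.group("path")
        low = path.lower()
        name = low.rsplit("\\", 1)[-1]
        is_dir = "D" in attrs
        hidden_system = "H" in attrs and "S" in attrs
        # Pattern 1 (assumed heuristic): hidden+system file with the same name
        # under both <profile>\AppData\Local and C:\ProgramData (paired drop).
        if hidden_system and not is_dir:
            if "\\appdata\\local\\" in low:
                drop_roots[name].add("appdata_local")
            elif low.startswith("c:\\programdata\\"):
                drop_roots[name].add("programdata")
        # Pattern 2 (assumed heuristic): a DLL under 1 KB with no company name
        # inside a user profile; a real DLL cannot be that small.
        if (not is_dir and name.endswith(".dll") and parse_size(m.group("size")) < 1024
                and not m.group("company") and "\\appdata\\" in low):
            findings["tiny_dll"].append(path)
    for name, roots in drop_roots.items():
        if roots == {"appdata_local", "programdata"}:
            findings["paired_drop"].append(name)
    return dict(findings)


# Sample input: lines copied from the OTL log in this thread, plus one benign entry.
SAMPLE_LOG = r'''
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 61677
[2013/06/23 15:39:56 | 001,097,648 | ---- | M] () -- C:\ProgramData\2433f433
[2012/07/12 04:28:44 | 002,174,976 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Program Files\Common Files\atimpenc.dll
[2013/06/25 01:47:44 | 3181,760,512 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/17 20:30:45 | 000,005,558 | -HS- | C] () -- C:\Users\Caitlin\AppData\Local\384f67732t3b5h15xhpfvphk727l5ffm
[2011/05/17 20:30:45 | 000,005,558 | -HS- | C] () -- C:\ProgramData\384f67732t3b5h15xhpfvphk727l5ffm
[2010/04/01 23:40:28 | 000,017,812 | -HS- | C] () -- C:\Users\Caitlin\AppData\Local\8Cq4r
[2010/04/01 23:40:28 | 000,017,812 | -HS- | C] () -- C:\ProgramData\8Cq4r
[2009/09/14 16:53:13 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/03/14 01:15:01 | 000,000,517 | ---- | C] () -- C:\Users\Caitlin\AppData\Local\areqaluh.dll
[2011/03/14 10:57:33 | 000,134,176 | ---- | C] () -- C:\Users\Caitlin\AppData\Local\ucasiyovupomub.dll
[2009/07/15 14:00:21 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:5D432CE3
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
'''.strip().splitlines()

if __name__ == "__main__":
    for indicator, evidence in triage(SAMPLE_LOG).items():
        print(f"{indicator}:")
        for item in evidence:
            print(f"    {item}")
```

Run it against a saved OTL.txt by passing `open("OTL.txt", encoding="utf-8", errors="replace")` to `triage()` instead of `SAMPLE_LOG`. The hiberfil.sys and ntuser.pol entries in the sample are there on purpose: both carry hidden+system attributes but neither is flagged, because the paired-drop rule needs the same name under both roots, and the ProxyOverride and http_port lines fall through untouched. Anything this flags still needs a human to confirm before it goes into a fix script.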
RJude

New Member
Thread author
Verified
Jun 24, 2013
34
Ah. Of course. Thank you for all the help so far! I don't know what I would do without it. Do you think my computer is saveable? I will go try that now.
 

RJude

New Member
Thread author
Verified
Jun 24, 2013
34
Stupid question, but would banking information include cards I used to order things?
 

Fiery

Level 1
Jan 11, 2011
2,007
Anything that you have physically entered on your PC (passwords to bank accounts, bank account numbers, credit card numbers, your name, address, social insurance number, etc.) may have been keylogged and transferred to the bad guys.

Informing your bank to watch out for suspicious credit card transactions and changing passwords on another PC would be recommended.
 
