Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

www.xn--&-8ga.com [resolved]


  • This topic is locked This topic is locked

#1
kurosaki_9

kurosaki_9

    New Member

  • Member
  • Pip
  • 3 posts
Hi,


I've been having problems with Firefox opening new windows by itself. Each window has four tabs with the following:

hxxp://www.xn--&-8ga.com/
hxxp://www.xn--pda.com/
file:///C:/Program%20Files/Mozilla%20Firefox/
file:///C:/Program%20Files/Mozilla%20Firefox/T%E2%80%98%C3%91%C3%A5%C2%AD%C2%

It's driving me crazy, especially when I'm trying to read and 40 windows keep opening up. I know that someone else has had this problem and I've read it so i did the two scans you had them do but i don't know if it will be different from their problem.

Here's the two LOGS:

OTL Report

OTL logfile created on: 8/11/2011 8:20:31 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\owner\Downloads
Windows Vista Home Basic Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16386)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 0.15 Gb Available Physical Memory | 8.16% Memory free
3.96 Gb Paging File | 1.95 Gb Available in Paging File | 49.11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.05 Gb Total Space | 35.32 Gb Free Space | 25.40% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.45 Gb Free Space | 44.53% Space Free | Partition Type: NTFS
Drive J: | 7.45 Gb Total Space | 3.55 Gb Free Space | 47.62% Space Free | Partition Type: FAT32

Computer Name: ALLENWALKER00 | User Name: owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/11 20:10:57 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\owner\Downloads\OTL.exe
PRC - [2011/08/11 19:55:31 | 001,915,904 | ---- | M] (AVAST Software) -- C:\Users\owner\Downloads\aswMBR.exe
PRC - [2011/07/06 00:35:58 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/04/16 17:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe
PRC - [2011/04/07 22:44:58 | 000,373,864 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2011/04/07 22:44:48 | 000,841,832 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2011/04/07 22:14:00 | 002,218,600 | R--- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/04/07 21:54:52 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/10/27 20:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/07/06 07:01:16 | 002,634,048 | ---- | M] (Veoh Networks) -- C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
PRC - [2010/04/11 10:22:46 | 000,066,864 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/03/13 11:59:01 | 000,032,849 | ---- | M] (MyWebSearch.com) -- C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
PRC - [2010/03/13 11:59:01 | 000,028,783 | ---- | M] (MyWebSearch.com) -- C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
PRC - [2010/03/13 11:59:01 | 000,028,762 | ---- | M] (MyWebSearch.com) -- C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE
PRC - [2010/02/12 18:07:32 | 005,933,912 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Logitech Vid\Vid.exe
PRC - [2008/10/30 14:16:42 | 000,282,624 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
PRC - [2008/02/13 13:06:58 | 002,196,240 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe
PRC - [2008/02/13 13:02:46 | 000,564,496 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
PRC - [2008/02/13 13:02:24 | 000,405,776 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2008/02/05 18:20:42 | 000,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/02/05 18:18:48 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
PRC - [2006/12/23 19:05:20 | 000,143,360 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2006/12/23 19:04:42 | 000,905,216 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2006/11/02 02:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/08/11 20:10:57 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\owner\Downloads\OTL.exe
MOD - [2011/04/28 17:29:01 | 000,413,112 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.6.0.29\asoehook.dll
MOD - [2009/07/12 00:02:02 | 000,653,120 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.6.0.29\microsoft.vc90.crt\msvcr90.dll
MOD - [2009/07/12 00:02:00 | 000,569,664 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.6.0.29\microsoft.vc90.crt\msvcp90.dll
MOD - [2008/02/05 18:20:30 | 000,109,080 | ---- | M] (Logitech Inc.) -- C:\Windows\Temp\logishrd\LVPrcInj01.dll
MOD - [2006/11/02 02:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/07/28 23:29:17 | 003,542,616 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_2da1ebd.dll -- (Akamai)
SRV - [2011/04/16 17:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe -- (NIS)
SRV - [2011/04/07 22:14:00 | 002,218,600 | R--- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/04/07 21:54:52 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/10/12 10:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/03/13 11:59:01 | 000,028,762 | ---- | M] (MyWebSearch.com) [Auto | Running] -- C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE -- (MyWebSearchService)
SRV - [2008/02/05 18:22:36 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2008/02/05 18:20:42 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/02/05 18:18:48 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
SRV - [2006/11/02 05:33:48 | 000,263,272 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/08/03 19:45:27 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110810.037\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/08/03 19:45:26 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110810.037\NAVENG.SYS -- (NAVENG)
DRV - [2011/08/02 01:07:58 | 000,367,736 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110810.030\IDSvix86.sys -- (IDSVix86)
DRV - [2011/07/27 22:33:19 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/07/27 22:33:18 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/07/22 17:27:23 | 000,815,736 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110723.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/05/09 17:56:44 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/04/07 22:14:00 | 010,690,024 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011/03/30 20:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\Drivers\NIS\1206000.01D\SRTSP.SYS -- (SRTSP)
DRV - [2011/03/30 20:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1206000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/21 17:39:49 | 000,331,384 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\NIS\1206000.01D\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2011/03/14 19:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\NIS\1206000.01D\SYMEFA.SYS -- (SymEFA)
DRV - [2011/03/03 08:59:19 | 000,139,368 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2011/01/26 23:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\NIS\1206000.01D\SYMDS.SYS -- (SymDS)
DRV - [2011/01/26 22:07:05 | 000,136,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1206000.01D\Ironx86.SYS -- (SymIRON)
DRV - [2008/02/05 19:21:25 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/02/05 19:20:40 | 000,628,760 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2008/02/05 19:17:37 | 002,570,520 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2008/02/05 19:17:26 | 000,013,848 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lv302af.sys -- (pepifilter)
DRV - [2008/02/05 18:20:08 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/02/05 18:18:12 | 000,689,176 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Lvckap.sys -- (LVcKap)
DRV - [2006/11/02 00:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/02 00:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files\PageRage\prxtbPage.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (MyWebSearch.com)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (MyWebSearch.com)
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3046101821-2857493788-1727365106-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3046101821-2857493788-1727365106-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://myitlab.com/
IE - HKU\S-1-5-21-3046101821-2857493788-1727365106-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3046101821-2857493788-1727365106-1000\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (MyWebSearch.com)
IE - HKU\S-1-5-21-3046101821-2857493788-1727365106-1000\..\URLSearchHook: {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files\PageRage\prxtbPage.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3046101821-2857493788-1727365106-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:1.80
FF - prefs.js..extensions.enabledItems: [email protected]:0.21.1
FF - prefs.js..extensions.enabledItems: {567F62D2-2162-43fe-A573-E5620D0934B2}:2.06
FF - prefs.js..extensions.enabledItems: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB}:1.21
FF - prefs.js..extensions.enabledItems: {F5CEF9AD-F6AF-4b69-AB6D-936BF6BCB6D7}:1.8
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files\MyWebSearch\bar\1.bin\NPMyWebS.dll (MyWebSearch.com)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll File not found
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\owner\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\owner\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MyWebSearch\bar\1.bin [2011/04/05 12:20:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2011/07/07 10:11:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_0_8 [2011/08/11 19:24:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/06 00:35:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/27 19:09:21 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\owner\AppData\Roaming\Move Networks [2010/03/29 20:13:30 | 000,000,000 | ---D | M]

[2010/03/02 17:19:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\owner\AppData\Roaming\Mozilla\Extensions
[2011/08/05 19:53:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\9y09pid8.default\extensions
[2010/12/12 00:40:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\9y09pid8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/07/07 10:12:47 | 000,000,000 | ---D | M] (PageRage Community Toolbar) -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\9y09pid8.default\extensions\{9565115d-c7d6-46d3-bd63-b67b481a4368}
[2011/07/09 13:31:52 | 000,000,000 | ---D | M] (Dictionnaire français «Moderne») -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\9y09pid8.default\extensions\[email protected]
[2010/06/30 22:44:06 | 000,000,000 | ---D | M] (GameBox) -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\9y09pid8.default\extensions\[email protected]
[2011/05/06 16:12:08 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\9y09pid8.default\extensions\[email protected]
[2011/05/27 19:09:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) -- C:\PROGRAM FILES\COMETBIRD\EXTENSIONS\{567F62D2-2162-43FE-A573-E5620D0934B2}
File not found (No name found) -- C:\PROGRAM FILES\COMETBIRD\EXTENSIONS\{B042753D-F57E-4E8E-A01B-7379A6D4CEFB}
File not found (No name found) -- C:\PROGRAM FILES\COMETBIRD\EXTENSIONS\{F5CEF9AD-F6AF-4B69-AB6D-936BF6BCB6D7}
File not found (No name found) -- C:\PROGRAM FILES\COMETBIRD\EXTENSIONS\[email protected]
File not found (No name found) -- C:\PROGRAM FILES\COMETBIRD\EXTENSIONS\[email protected]
[2010/09/02 17:32:21 | 000,000,000 | ---D | M] (Gamevance TextLinks) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\EXTENSIONS\{EC8030F7-C20A-464F-9B0E-13A3A9E97384}\TEXTLI[email protected]
[2011/07/06 00:35:58 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/01/29 17:18:36 | 000,002,045 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml

O1 HOSTS File: ([2006/09/18 14:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (MyWebSearch Search Assistant BHO) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (MyWebSearch.com)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (mwsBar BHO) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (PageRage Toolbar) - {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files\PageRage\prxtbPage.dll (Conduit Ltd.)
O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O2 - BHO: (DCA BHO) - {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files\Common Files\FreeCause\DCA\dca-bho.dll (Compete, Inc.)
O2 - BHO: (Gamevance Text) - {BEAC7DC8-E106-4C6A-931E-5A42E7362883} - C:\Program Files\Gamevance\gvtl.dll ()
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - File not found
O2 - BHO: (Shop to Win 8) - {DAC028C6-2A41-4730-B91F-DFBCB26C82B3} - C:\Program Files\Shop to Win 8\ShoppingBHO.dll (Freecause Inc.)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers\YontooIEClient_2.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (PageRage Toolbar) - {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files\PageRage\prxtbPage.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - File not found
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - File not found
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - File not found
O3 - HKU\S-1-5-21-3046101821-2857493788-1727365106-1000\..\Toolbar\WebBrowser: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
O3 - HKU\S-1-5-21-3046101821-2857493788-1727365106-1000\..\Toolbar\WebBrowser: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O3 - HKU\S-1-5-21-3046101821-2857493788-1727365106-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - File not found
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
O4 - HKLM..\Run: [My Web Search Bar Search Scope Monitor] C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE (MyWebSearch.com)
O4 - HKLM..\Run: [MyWebSearch Email Plugin] C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (MyWebSearch.com)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [Ultralingua 7 Hotkey] C:\Program Files\Ultralingua\Ultralingua 7\ULHotkey.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3046101821-2857493788-1727365106-1000..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-3046101821-2857493788-1727365106-1000..\Run: [cdloader] C:\Users\owner\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKU\S-1-5-21-3046101821-2857493788-1727365106-1000..\Run: [Logitech Vid] C:\Program Files\Logitech\Logitech Vid\vid.exe (Logitech Inc.)
O4 - HKU\S-1-5-21-3046101821-2857493788-1727365106-1000..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-3046101821-2857493788-1727365106-1000..\Run: [MyWebSearch Email Plugin] C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (MyWebSearch.com)
O4 - HKU\S-1-5-21-3046101821-2857493788-1727365106-1000..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O4 - HKU\S-1-5-21-3046101821-2857493788-1727365106-1002..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O7 - HKU\S-1-5-21-3046101821-2857493788-1727365106-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O13 - gopher Prefix: missing
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: Microsoft XML Parser for Java file:///C:/Windows/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/08/26 18:04:39 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/05 19:53:19 | 000,000,000 | ---D | C] -- C:\Program Files\Yontoo Layers
[2011/08/05 19:53:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2011/07/21 00:57:46 | 000,000,000 | ---D | C] -- C:\Users\owner\Desktop\Misc
[2011/07/18 19:49:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2011/07/18 19:39:07 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2011/07/18 19:34:40 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2011/07/18 19:31:47 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2011/07/18 19:30:50 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/11 20:20:42 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/11 20:20:42 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/11 19:49:45 | 000,000,680 | ---- | M] () -- C:\Users\owner\AppData\Local\d3d9caps.dat
[2011/08/11 19:20:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/11 19:20:28 | 2011,684,864 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/11 19:11:31 | 147,038,214 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/07/26 15:36:01 | 000,000,400 | ---- | M] () -- C:\Windows\tasks\EasyShare Registration Task.job
[2011/07/20 14:47:13 | 000,069,120 | ---- | M] () -- C:\Users\owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/19 17:53:11 | 000,002,250 | ---- | M] () -- C:\Users\Public\Desktop\WildTangent Games App - wildgames.lnk
[2011/07/18 19:36:31 | 000,000,552 | ---- | M] () -- C:\Users\owner\AppData\Local\d3d8caps.dat
[2011/07/17 03:18:31 | 000,000,049 | ---- | M] () -- C:\Windows\NeroDigital.ini
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/11 19:11:32 | 2011,684,864 | -HS- | C] () -- C:\hiberfil.sys
[2011/07/24 02:53:55 | 000,000,680 | ---- | C] () -- C:\Users\owner\AppData\Local\d3d9caps.dat
[2011/07/19 16:56:55 | 000,002,250 | ---- | C] () -- C:\Users\Public\Desktop\WildTangent Games App - wildgames.lnk
[2011/07/18 19:36:31 | 000,000,552 | ---- | C] () -- C:\Users\owner\AppData\Local\d3d8caps.dat
[2011/07/18 19:33:06 | 000,004,755 | ---- | C] () -- C:\Windows\System32\nvinfo.pb
[2011/07/17 03:18:31 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011/04/08 17:01:27 | 000,000,000 | ---- | C] () -- C:\Windows\System32\null0.49024565334250925.exe
[2011/02/15 04:26:35 | 000,000,120 | ---- | C] () -- C:\Users\owner\AppData\Local\Vkogapifovavo.dat
[2011/02/15 04:26:35 | 000,000,000 | ---- | C] () -- C:\Users\owner\AppData\Local\Lfohone.bin
[2010/10/14 16:54:52 | 000,001,940 | ---- | C] () -- C:\Users\owner\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/09/05 07:18:49 | 000,683,801 | ---- | C] () -- C:\Windows\unins000.exe
[2010/09/05 07:18:49 | 000,002,314 | ---- | C] () -- C:\Windows\unins000.dat
[2010/08/10 15:28:42 | 000,000,000 | ---- | C] () -- C:\Windows\iPlayer.INI
[2010/04/11 10:19:56 | 000,066,482 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2010/03/10 15:52:25 | 000,069,120 | ---- | C] () -- C:\Users\owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/07 12:59:34 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2010/03/07 12:59:34 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2010/03/07 12:59:34 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2010/03/07 12:56:13 | 000,001,055 | ---- | C] () -- C:\Windows\disney.ini
[2010/03/02 16:37:25 | 000,157,723 | ---- | C] () -- C:\Windows\hpoins27.dat
[2010/03/02 16:37:25 | 000,000,932 | ---- | C] () -- C:\Windows\hpomdl27.dat
[2010/03/02 14:04:25 | 000,006,550 | ---- | C] () -- C:\Windows\jautoexp.dat
[2010/03/01 18:27:24 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/02/05 18:20:08 | 000,025,624 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2006/11/02 05:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 05:44:53 | 000,394,784 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 03:33:01 | 000,621,314 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 03:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 03:33:01 | 000,104,662 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 03:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 03:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 01:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 01:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 00:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/02 00:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006/11/02 00:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

========== LOP Check ==========

[2011/02/19 21:31:25 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\AD6B2BFA1F2FE6977F7D6927EB970751
[2011/08/01 04:09:48 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\BitTorrent
[2010/03/02 17:19:50 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\CometNetwork
[2011/06/23 21:27:11 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\GetRightToGo
[2010/04/11 10:22:10 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Leadertech
[2011/04/05 12:20:56 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\mjusbsp
[2010/03/27 14:27:52 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\OpenOffice.org
[2010/04/20 15:53:17 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Skinux
[2010/11/08 23:05:46 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\SYSTEMAX Software Development
[2010/12/04 17:05:05 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Unity
[2010/12/20 13:12:13 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\YoudaGames
[2011/07/26 15:36:01 | 000,000,400 | ---- | M] () -- C:\Windows\Tasks\EasyShare Registration Task.job
[2010/12/17 15:16:05 | 000,000,284 | ---- | M] () -- C:\Windows\Tasks\RunAsStdUser Task for VeohWebPlayer.job
[2011/08/11 19:40:24 | 000,032,566 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

aswMBR Log:

aswMBR version 0.9.8.978 Copyright© 2011 AVAST Software
Run date: 2011-08-11 20:12:34
-----------------------------
20:12:34.882 OS Version: Windows 6.0.6000
20:12:34.883 Number of processors: 1 586 0x5F03
20:12:34.884 ComputerName: ALLENWALKER00 UserName: owner
20:12:42.587 Initialize success
20:27:51.643 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000032
20:27:51.647 Disk 0 Vendor: Hitachi_ GMBO Size: 152627MB BusType: 8
20:27:51.650 Device \Device\00000050 -> \??\SCSI#Disk&Ven_Hitachi&Prod_HDP725016GLA#4&2a8602f4&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} not found
20:27:51.653 Disk 0 MBR read error 0
20:27:51.657 Disk 0 MBR scan
20:27:51.661 Disk 0 unknown MBR code
20:27:51.666 MBR BIOS signature not found 0
20:27:51.672 Disk 0 scanning sectors +312578048
20:27:51.754 Disk 0 scanning C:\Windows\system32\drivers
20:27:58.918 Service scanning
20:28:01.231 Modules scanning
20:28:17.482 Disk 0 trace - called modules:
20:28:17.493 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x8724f555]<<
20:28:17.500 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x865e9308]
20:28:17.607 3 ntkrnlpa.exe[81cb06e2] -> nt!IofCallDriver -> [0x84fbaa38]
20:28:17.615 5 acpi.sys[806d732a] -> nt!IofCallDriver -> [0x85d44ca0]
20:28:17.623 \Driver\nvstor[0x87237f38] -> IRP_MJ_CREATE -> 0x8724f555
20:28:17.632 Scan finished successfully
20:30:25.343 Disk 0 MBR has been saved successfully to "C:\Users\owner\Downloads\MBR.dat"
20:30:25.350 The log file has been saved successfully to "C:\Users\owner\Downloads\aswMBRLOG.txt"
  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there lets see if we can stop this for you

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    SRV - [2010/03/13 11:59:01 | 000,028,762 | ---- | M] (MyWebSearch.com) [Auto | Running] -- C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE -- (MyWebSearchService)
    IE - HKLM\..\URLSearchHook: {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files\PageRage\prxtbPage.dll (Conduit Ltd.)
    IE - HKU\.DEFAULT\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (MyWebSearch.com)
    IE - HKU\S-1-5-18\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (MyWebSearch.com)
    IE - HKU\S-1-5-21-3046101821-2857493788-1727365106-1000\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (MyWebSearch.com)
    IE - HKU\S-1-5-21-3046101821-2857493788-1727365106-1000\..\URLSearchHook: {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files\PageRage\prxtbPage.dll (Conduit Ltd.)
    FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files\MyWebSearch\bar\1.bin\NPMyWebS.dll (MyWebSearch.com)
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MyWebSearch\bar\1.bin [2011/04/05 12:20:54 | 000,000,000 | ---D | M]
    [2011/07/07 10:12:47 | 000,000,000 | ---D | M] (PageRage Community Toolbar) -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\9y09pid8.default\extensions\{9565115d-c7d6-46d3-bd63-b67b481a4368}
    [2011/01/29 17:18:36 | 000,002,045 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
    O2 - BHO: (MyWebSearch Search Assistant BHO) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (MyWebSearch.com)
    O2 - BHO: (mwsBar BHO) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
    O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
    O2 - BHO: (PageRage Toolbar) - {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files\PageRage\prxtbPage.dll (Conduit Ltd.)
    O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
    O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - File not found
    O2 - BHO: (Shop to Win 8) - {DAC028C6-2A41-4730-B91F-DFBCB26C82B3} - C:\Program Files\Shop to Win 8\ShoppingBHO.dll (Freecause Inc.)
    O2 - BHO: (DCA BHO) - {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files\Common Files\FreeCause\DCA\dca-bho.dll (Compete, Inc.)
    O3 - HKLM\..\Toolbar: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
    O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (PageRage Toolbar) - {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files\PageRage\prxtbPage.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - File not found
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - File not found
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - File not found
    O3 - HKU\S-1-5-21-3046101821-2857493788-1727365106-1000\..\Toolbar\WebBrowser: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
    O3 - HKU\S-1-5-21-3046101821-2857493788-1727365106-1000\..\Toolbar\WebBrowser: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
    O3 - HKU\S-1-5-21-3046101821-2857493788-1727365106-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - File not found
    O4 - HKLM..\Run: [My Web Search Bar Search Scope Monitor] C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE (MyWebSearch.com)
    O4 - HKLM..\Run: [MyWebSearch Email Plugin] C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (MyWebSearch.com)
    O4 - HKLM..\Run: [Ultralingua 7 Hotkey] C:\Program Files\Ultralingua\Ultralingua 7\ULHotkey.exe ()
    O4 - HKU\S-1-5-21-3046101821-2857493788-1727365106-1000..\Run: [MyWebSearch Email Plugin] C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (MyWebSearch.com)
    [2011/04/08 17:01:27 | 000,000,000 | ---- | C] () -- C:\Windows\System32\null0.49024565334250925.exe
    [2011/02/15 04:26:35 | 000,000,120 | ---- | C] () -- C:\Users\owner\AppData\Local\Vkogapifovavo.dat
    [2011/02/15 04:26:35 | 000,000,000 | ---- | C] () -- C:\Users\owner\AppData\Local\Lfohone.bin
    [2011/02/19 21:31:25 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\AD6B2BFA1F2FE6977F7D6927EB970751

    :Files
    ipconfig /flushdns /c
    C:\Program Files\MyWebSearch
    C:\Program Files\Common Files\FreeCause
    C:\Program Files\Ultralingua

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


THEN

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    Posted Image
  • If an infected file is detected, the default action will be Cure, click on Continue.
    Posted Image
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
    Posted Image
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    Posted Image
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here
    .
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

  • 0

#3
kurosaki_9

kurosaki_9

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Thanks, I actually forgot to close this up. I followed the steps from a different topic, the same problem i had and my computer has been working fine ever since. I checked what you had me do and it's what I did, step by step. Thanks for replying so fast.

I believe we can close this topic now right?
  • 0

#4
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
No problem - just the tools to remove

Subject to no further problems :yes:

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :)

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done


Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Posted Image
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version

SPRING CLEAN

To manually create a new Restore Point
  • Go to Control Panel and select System
  • Select System
  • On the left select System Protection and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create

Now we can purge the infected ones
  • GoStart > All programs > Accessories > system tools
  • Right click Disc cleanup and select run as administrator
  • Select Your main drive and accept the warning if you get one
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
Posted Image
Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?

Keep safe :unsure:
  • 0

#5
kurosaki_9

kurosaki_9

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
thanks for all the help. I will save this link page so I remember what to do from now on. Once i do it often, or as often as you say, I won't have to look at this for reference. I will make sure to follow your helpful tips and i do hope that i don't get a problem in the future. I've spent a lot of money thinking that i could not fix the problem by myself but now have seen that it doesnt take a genius to do all this. If you follow these easy steps from people who know what to do and are doing it for free, you won't have to spend money at all.

Again, thanks for your help and i will keep safe.
  • 0

#6
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP